← back
CVE-2006-1731

CVE-2006-1731

EPSS 1.8%
Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 returns the Object class prototype instead of the global window object when (1) .valueOf.call or (2) .valueOf.apply are called without any arguments, which allows remote attackers to conduct cross-site scripting (XSS) attacks.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txtftp://patches.sgi.com/support/free/security/advisories/20060404-01-U.aschttp://lists.suse.com/archive/suse-security-announce/2006-Apr/0003.htmlhttp://secunia.com/advisories/19631http://secunia.com/advisories/19696http://secunia.com/advisories/19714http://secunia.com/advisories/19721http://secunia.com/advisories/19729http://secunia.com/advisories/19746http://secunia.com/advisories/19759http://secunia.com/advisories/19780http://secunia.com/advisories/19794