Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
mozillaMozilla FoundationMFSA2006-76
HistoryDec 19, 2006 - 12:00 a.m.

XSS using outer window's Function object — Mozilla

2006-12-1900:00:00
Mozilla Foundation
www.mozilla.org
19

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.5

Confidence

High

EPSS

0.058

Percentile

93.5%

JSON

moz_bug_r_a4 demonstrated that the Function prototype regression described in bug 355161 could be exploited to bypass the protections against cross site script (XSS) injection, which could be used to steal credentials or sensitive data from arbitrary sites or perform destructive actions on behalf of a logged-in user.

Affected configurations

Vulners
Node
mozillafirefoxRange<2.0.0.1
VendorProductVersionCPE
mozillafirefox*cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*

Related

securityvulns 1
cvelist 1
ubuntucve 1
cve 1
nvd 1
openvas 5
ubuntu 1
nessus 8
gentoo 1
suse 2
securityvulns
securityvulns
Mozilla Foundation Security Advisory 2006-76
2006-12-20 00:00:00
cvelist
cvelist
CVE-2006-6507
2006-12-20 01:00:00
ubuntucve
ubuntucve
CVE-2006-6507
2006-12-20 00:00:00
cve
cve
CVE-2006-6507
2006-12-20 01:28:00
nvd
nvd
CVE-2006-6507
2006-12-20 01:28:00
openvas
openvas
Ubuntu: Security Advisory (USN-398-1)
2009-03-23 00:00:00
Ubuntu Update for firefox vulnerabilities USN-398-1
2009-03-23 00:00:00
Gentoo Security Advisory GLSA 200701-02 (mozilla-firefox)
2008-09-24 00:00:00
ubuntu
ubuntu
Firefox vulnerabilities
2007-01-03 00:00:00
nessus
nessus
GLSA-200701-02 : Mozilla Firefox: Multiple vulnerabilities
2007-01-08 00:00:00
Ubuntu 6.10 : firefox vulnerabilities (USN-398-1)
2007-11-10 00:00:00
Firefox < 1.5.0.9 / 2.0.0.1 Multiple Vulnerabilities
2006-12-20 00:00:00
gentoo
gentoo
Mozilla Firefox: Multiple vulnerabilities
2007-01-04 00:00:00
suse
suse
remote denial of service in mozilla
2007-01-12 14:08:00
remote code execution in MozillaFirefox,MozillaThunderbird
2006-12-29 15:41:46

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.5

Confidence

High

EPSS

0.058

Percentile

93.5%

JSON
Related for MFSA2006-76
securityvulns1cvelist1ubuntucve1cve1nvd1openvas5ubuntu1nessus8gentoo1suse2