CVE-2006-1731

Description

Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 returns the Object class prototype instead of the global window object when (1) .valueOf.call or (2) .valueOf.apply are called without any arguments, which allows remote attackers to conduct cross-site scripting (XSS) attacks.

Affected products

• Mozilla / Firefox1.0.7
• Mozilla / Firefox1.0 – 1.0
• Mozilla / Firefox1.0.1 – 1.0.1
• Mozilla / Firefox1.0.2 – 1.0.2
• Mozilla / Firefox1.0.3 – 1.0.3
• Mozilla / Firefox1.0.4 – 1.0.4
• Mozilla / Firefox1.0.5 – 1.0.5
• Mozilla / Firefox1.0.6 – 1.0.6
• Mozilla / Firefox1.5 – 1.5
• Mozilla / Firefox1.5 – 1.5
• Mozilla / Firefox1.5 – 1.5
• Mozilla / mozilla_suite1.7.12
• Mozilla / mozilla_suite1.7.6 – 1.7.6
• Mozilla / mozilla_suite1.7.7 – 1.7.7
• Mozilla / mozilla_suite1.7.8 – 1.7.8
• Mozilla / mozilla_suite1.7.10 – 1.7.10
• Mozilla / mozilla_suite1.7.11 – 1.7.11
• Mozilla / seamonkey1.0
• Mozilla / seamonkey1.0 – 1.0
• Mozilla / Thunderbird1.0.7
• Mozilla / Thunderbird1.0 – 1.0
• Mozilla / Thunderbird1.0.1 – 1.0.1
• Mozilla / Thunderbird1.0.2 – 1.0.2
• Mozilla / Thunderbird1.0.3 – 1.0.3
• Mozilla / Thunderbird1.0.4 – 1.0.4
• Mozilla / Thunderbird1.0.5 – 1.0.5
• Mozilla / Thunderbird1.0.5 – 1.0.5
• Mozilla / Thunderbird1.0.6 – 1.0.6
• Mozilla / Thunderbird1.5 – 1.5
• Mozilla / Thunderbird1.5 – 1.5

References

• VENDOR_ADVISORYhttps://usn.ubuntu.com/275-1/
• MISChttp://www.redhat.com/support/errata/RHSA-2006-0330.html
• VENDOR_ADVISORYhttp://secunia.com/advisories/19902
• VENDOR_ADVISORYftp://patches.sgi.com/support/free/security/advisories/20060404-01-U.asc
• VENDOR_ADVISORYhttps://usn.ubuntu.com/276-1/
• MISChttp://www.securityfocus.com/archive/1/438730/100/0/threaded
• VENDOR_ADVISORYhttp://secunia.com/advisories/19941
• VENDOR_ADVISORYhttp://secunia.com/advisories/19780
• MISChttp://www.redhat.com/support/errata/RHSA-2006-0328.html
• VENDOR_ADVISORYhttp://secunia.com/advisories/19821
• MISChttp://www.gentoo.org/security/en/glsa/glsa-200604-12.xml
• MISChttp://www.mozilla.org/security/announce/2006/mfsa2006-19.html
• VENDOR_ADVISORYhttp://secunia.com/advisories/21622
• VENDOR_ADVISORYhttp://secunia.com/advisories/19862
• VENDOR_ADVISORYhttp://www.mandriva.com/security/advisories?name=MDKSA-2006:075
• MISChttp://support.avaya.com/elmodocs2/security/ASA-2006-205.htm
• VENDOR_ADVISORYhttp://secunia.com/advisories/19823
• VENDOR_ADVISORYhttp://www.debian.org/security/2006/dsa-1051
• MISChttp://www.redhat.com/archives/fedora-announce-list/2006-April/msg00153.html
• VENDOR_ADVISORYhttps://usn.ubuntu.com/271-1/
• MISChttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1955
• VENDOR_ADVISORYhttp://secunia.com/advisories/19714
• MISChttp://www.redhat.com/support/errata/RHSA-2006-0329.html
• MISChttp://www.gentoo.org/security/en/glsa/glsa-200604-18.xml
• VENDOR_ADVISORYhttp://secunia.com/advisories/19811
• VENDOR_ADVISORYhttp://secunia.com/advisories/19794
• VENDOR_ADVISORYhttp://secunia.com/advisories/19746
• VENDOR_ADVISORYhttp://secunia.com/advisories/21033
• MISChttp://sunsolve.sun.com/search/document.do?assetkey=1-26-102550-1
• VENDOR_ADVISORYhttp://secunia.com/advisories/19696
• VENDOR_ADVISORYhttp://secunia.com/advisories/19759
• MAILING_LISThttp://lists.suse.com/archive/suse-security-announce/2006-Apr/0003.html
• MISChttp://www.securityfocus.com/archive/1/436338/100/0/threaded
• VENDOR_ADVISORYhttp://www.vupen.com/english/advisories/2006/1356
• MISChttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9604
• MISChttp://www.securityfocus.com/archive/1/438730/100/0/threaded
• MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/25820
• VENDOR_ADVISORYhttp://www.mandriva.com/security/advisories?name=MDKSA-2006:078
• VENDOR_ADVISORYhttp://secunia.com/advisories/19729
• VENDOR_ADVISORYhttp://secunia.com/advisories/20051
• VENDOR_ADVISORYhttp://secunia.com/advisories/19863
• MISCftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt
• MISChttp://www.securityfocus.com/archive/1/436296/100/0/threaded
• MISChttp://www.securityfocus.com/bid/17516
• MISChttp://sunsolve.sun.com/search/document.do?assetkey=1-26-228526-1
• MISChttp://www.redhat.com/archives/fedora-announce-list/2006-April/msg00154.html
• VENDOR_ADVISORYhttp://secunia.com/advisories/19852
• VENDOR_ADVISORYhttp://secunia.com/advisories/19721
• VENDOR_ADVISORYhttp://www.novell.com/linux/security/advisories/2006_04_25.html
• MISChttp://www.gentoo.org/security/en/glsa/glsa-200605-09.xml
• VENDOR_ADVISORYhttp://www.vupen.com/english/advisories/2006/3391
• VENDOR_ADVISORYhttp://secunia.com/advisories/19631
• VENDOR_ADVISORYhttp://secunia.com/advisories/19950
• VENDOR_ADVISORYhttp://www.mandriva.com/security/advisories?name=MDKSA-2006:076
• VENDOR_ADVISORYhttp://www.debian.org/security/2006/dsa-1046
• VENDOR_ADVISORYhttp://www.debian.org/security/2006/dsa-1044