CVE-2006-2785 — Cross-site Scripting in Firefox

14 documents7 sources

Severity

4.3MEDIUMNVD

EPSS

2.0%

top 16.25%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Firefox Mozilla Firefox

Timeline

PublishedJun 2

Latest updateMay 1

Description

Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 1.5.0.4 allows user-assisted remote attackers to inject arbitrary web script or HTML by tricking a user into (1) performing a "View Image" on a broken image in which the SRC attribute contains a Javascript URL, or (2) selecting "Show only this frame" on a frame whose SRC attribute contains a Javascript URL.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages2 packages

▶NVDmozilla/firefox1.5.0.3

▶debiandebian/firefox< firefox 1.5.dfsg+1.5.0.4-1 (sid)

🔴Vulnerability Details

GHSA

GHSA-g55j-rqcq-fhgc: Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 1↗2022-05-01

▶

📋Vendor Advisories

Ubuntu

mozilla vulnerabilities↗2006-07-26

▶

Ubuntu

Firefox vulnerabilities↗2006-07-25

▶

Ubuntu

firefox vulnerabilities↗2006-06-09

▶

Red Hat

security flaw↗2006-06-01

▶

Debian

CVE-2006-2785: firefox - Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 1.5.0.4 allow...↗2006

▶

📄Research Papers

arXiv

DjangoChecker: Applying Extended Taint Tracking and Server Side Parsing for Detection of Context-Sensitive XSS Flaws↗2020-05-14

▶

💬Community

Bugzilla

CVE-2006-2785 security flaw↗2018-08-16

▶

Bugzilla

CVE-2006-2783 multiple Seamonkey issues (CVE-2006-2782,CVE-2006-2778,CVE-2006-2776,CVE-2006-2784,CVE-2006-2785,CVE-2006-2786,CVE-2006-2787,CVE-2006-2788)↗2006-07-12

▶

Bugzilla

CVE-2006-2779 multiple Thunderbird issues (CVE-2006-2780, CVE-2006-2781, CVE-2006-2783,CVE-2006-2782,CVE-2006-2778,CVE-2006-2776,CVE-2006-2784,CVE-2006-2785,CVE-2006-2786,CVE-2006-2787,CVE-2006-2788)↗2006-06-28

▶

Bugzilla

CVE-2006-2783 multiple Seamonkey issues (CVE-2006-2782,CVE-2006-2778,CVE-2006-2776,CVE-2006-2784,CVE-2006-2785,CVE-2006-2786,CVE-2006-2787,CVE-2006-2788)↗2006-06-27

▶

Bugzilla

CVE-2006-2783 multiple Seamonkey issues (CVE-2006-2782,CVE-2006-2778,CVE-2006-2776,CVE-2006-2784,CVE-2006-2785,CVE-2006-2786,CVE-2006-2787,CVE-2006-2788)↗2006-06-27

▶