CVE-2006-2785

Severity

43%

Complexity

86%

Confidentiality

48%

Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 1.5.0.4 allows user-assisted remote attackers to inject arbitrary web script or HTML by tricking a user into (1) performing a "View Image" on a broken image in which the SRC attribute contains a Javascript URL, or (2) selecting "Show only this frame" on a frame whose SRC attribute contains a Javascript URL.

Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 1.5.0.4 allows user-assisted remote attackers to inject arbitrary web script or HTML by tricking a user into (1) performing a "View Image" on a broken image in which the SRC attribute contains a Javascript URL, or (2) selecting "Show only this frame" on a frame whose SRC attribute contains a Javascript URL.

CVSS 2.0 Base Score 4.3. CVSS Attack Vector: network. CVSS Attack Complexity: medium. CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N).

Overview

First reported 18 years ago

2006-06-02 19:02:00

Last updated 6 years ago

2018-10-18 16:42:00

Affected Software

Mozilla Firefox

References

RHSA-2006:0609

20376

20561

21134

21176

21178

21183

21188

21269

21270

21324

21336

21532

21631

22066

1016202

DSA-1118

DSA-1120

DSA-1134

GLSA-200606-12

MDKSA-2006:143

MDKSA-2006:145

http://www.mozilla.org/security/announce/2006/mfsa2006-34.html

Vendor Advisory

SUSE-SA:2006:035

RHSA-2006:0578

RHSA-2006:0594

RHSA-2006:0610

RHSA-2006:0611

20060602 rPSA-2006-0091-1 firefox thunderbird

SSRT061181

18228

ADV-2006-2106

ADV-2006-3748

ADV-2008-0083

mozilla-viewimage-xss(26845)

oval:org.mitre.oval:def:10545

USN-296-1

USN-296-2

USN-323-1

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.