Rapid7 Vulnerability & Exploit Database

Mozilla Firefox Javascript Image and Frame Cross-Site Scripting Vulnerability

Free InsightVM Trial No credit card necessary

Watch Demo See how it all works

Back to Search

Mozilla Firefox Javascript Image and Frame Cross-Site Scripting Vulnerability

Severity

CVSS

(AV:N/AC:M/Au:N/C:C/I:C/A:C)

Published

04/20/2006

Created

07/25/2018

Added

06/05/2006

Modified

02/13/2015

Description

Certain versions of Mozilla Firefox contain a flaw whereby arbitrary Javascript code can be executed in another domain if the user is tricked into selecting 'View Image' on a broken image, or by selecting 'Show only this frame' on an attacker-controlled frame. In such a situation, a remote attacker can launch a cross-site scripting attack against the local user.

Solution(s)

mozilla-firefox-upgrade-1_5_0_4
mozilla-firefox-upgrade-latest

References

https://attackerkb.com/topics/cve-2006-1942
APPLE-SA-2008-07-11
APPLE-SA-2009-06-08-1
18228
TA06-153A
237257
243153
421529
466673
575969
CVE - 2006-1942
CVE - 2006-2775
CVE - 2006-2776
CVE - 2006-2777
CVE - 2006-2778
CVE - 2006-2779
CVE - 2006-2780
CVE - 2006-2781
CVE - 2006-2782
CVE - 2006-2783
CVE - 2006-2784
CVE - 2006-2785
CVE - 2006-2786
CVE - 2006-2787
DSA-1118
DSA-1120
DSA-1134
DSA-1159
DSA-1160
24713
OVAL10247
OVAL10429
OVAL10545
OVAL10772
OVAL11305
OVAL9491
OVAL9703
OVAL9762
OVAL9768
OVAL9849
OVAL9966
RHSA-2006:0578
RHSA-2006:0594
RHSA-2006:0609
RHSA-2006:0610
RHSA-2006:0611
SUSE-SA:2006:035
http://www.frsirt.com/english/advisories/2006/2106
http://www.gavinsharp.com/tmp/ImageVuln.html
http://www.mozilla.org/security/announce/2006/mfsa2006-31.html
http://www.mozilla.org/security/announce/2006/mfsa2006-32.html
http://www.mozilla.org/security/announce/2006/mfsa2006-33.html
http://www.mozilla.org/security/announce/2006/mfsa2006-34.html
http://www.mozilla.org/security/announce/2006/mfsa2006-35.html
http://www.mozilla.org/security/announce/2006/mfsa2006-36.html
http://www.mozilla.org/security/announce/2006/mfsa2006-37.html
http://www.mozilla.org/security/announce/2006/mfsa2006-38.html
http://www.mozilla.org/security/announce/2006/mfsa2006-39.html
http://www.mozilla.org/security/announce/2006/mfsa2006-40.html
http://www.mozilla.org/security/announce/2006/mfsa2006-41.html
http://www.mozilla.org/security/announce/2006/mfsa2006-42.html
http://www.mozilla.org/security/announce/2006/mfsa2006-43.html
http://www.networksecurity.fi/advisories/netscape-view-image.html
http://www.securityfocus.com/archive/1/archive/1/431267/100/0/threaded
http://www.securityfocus.com/archive/1/archive/1/433138/100/0/threaded
http://www.securityfocus.com/archive/1/archive/1/435795/100/0/threaded
http://www.ubuntulinux.org/support/documentation/usn/usn-296-1
http://www.ubuntulinux.org/support/documentation/usn/usn-297-1
https://bugzilla.mozilla.org/show_bug.cgi?id=334341
25925
26842
26843
26844
26845
26846
26847
26848
26849
26850
26851
26852
26853

Advanced vulnerability management analytics and reporting.

Key Features

Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;

Rapid7 Vulnerability & Exploit Database

Mozilla Firefox Javascript Image and Frame Cross-Site Scripting Vulnerability

Mozilla Firefox Javascript Image and Frame Cross-Site Scripting Vulnerability

Description

Solution(s)

References

Success! Thank you for submission. We will be in touch shortly.

Oops! There was a problem in submission. Please try again.

Submit your information and we will get in touch with you.