CVE-2006-1731 (retired)

Priority
Description
Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8,
Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 returns the Object
class prototype instead of the global window object when (1) .valueOf.call
or (2) .valueOf.apply are called without any arguments, which allows remote
attackers to conduct cross-site scripting (XSS) attacks.
Package
Upstream:needs-triage
Package
Upstream:needs-triage
Package
Upstream:needs-triage
Package
Upstream:needs-triage
Package
Upstream:needs-triage
More Information

Updated: 2019-08-23 08:08:56 UTC (commit 436fd4ed4cf0038ddd382cb8649607ace163dda7)