CVE-2006-1731

Priority
Description
Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8,
Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 returns the Object
class prototype instead of the global window object when (1) .valueOf.call
or (2) .valueOf.apply are called without any arguments, which allows remote
attackers to conduct cross-site scripting (XSS) attacks.
Notes
Package
Upstream:needs-triage
Package
Upstream:needs-triage
Package
Upstream:needs-triage
Package
Upstream:needs-triage
Package
Upstream:needs-triage
More Information

Updated: 2020-01-29 19:12:26 UTC (commit 40f18bf14da5fb50662e1f861ea594a462b207fe)