DEBIAN-CVE-2006-1731

DEBIAN-CVE-2006-1731 PUBLISHED CVSS 9.300000190734863 CRITICAL

Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 returns the Object class prototype instead of the global window object when (1) .valueOf.call or (2) .valueOf.apply are called without any arguments, which allows remote attackers to conduct cross-site scripting (XSS) attacks.

Risk Scores

CVSS 4.0

9.300000190734863

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Affected Products

Vendor	Product	Versions
Debian:14	thunderbird	0, 0, 0
Debian:11	thunderbird	0, 0, 0
Debian:12	thunderbird	0, 0, 0
Debian:13	thunderbird	0, 0, 0

Timeline

Apr 14, 2006 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2006-1731 advisory

Open in Interactive Console →