VYPR
Unrated severityNVD Advisory· Published Apr 14, 2006· Updated Jun 16, 2026

CVE-2006-1731

CVE-2006-1731

Description

Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 returns the Object class prototype instead of the global window object when (1) .valueOf.call or (2) .valueOf.apply are called without any arguments, which allows remote attackers to conduct cross-site scripting (XSS) attacks.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

33
  • cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*+ 11 more
    • cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*range: <=1.0.7
    • cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:1.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:1.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:1.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:1.0.4:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:1.0.5:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:1.0.6:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:1.5:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:1.5:beta1:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:1.5:beta2:*:*:*:*:*:*
    • (no CPE)range: <1.5, <1.0.8
  • cpe:2.3:a:mozilla:mozilla_suite:*:*:*:*:*:*:*:*+ 6 more
    • cpe:2.3:a:mozilla:mozilla_suite:*:*:*:*:*:*:*:*range: <=1.7.12
    • cpe:2.3:a:mozilla:mozilla_suite:1.7.10:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:mozilla_suite:1.7.11:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:mozilla_suite:1.7.6:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:mozilla_suite:1.7.7:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:mozilla_suite:1.7.8:*:*:*:*:*:*:*
    • (no CPE)range: <1.7.13
  • cpe:2.3:a:mozilla:seamonkey:1.0:*:alpha:*:*:*:*:*+ 1 more
    • cpe:2.3:a:mozilla:seamonkey:1.0:*:alpha:*:*:*:*:*
    • cpe:2.3:a:mozilla:seamonkey:*:beta:*:*:*:*:*:*range: <=1.0
  • cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*+ 11 more
    • cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*range: <=1.0.7
    • cpe:2.3:a:mozilla:thunderbird:1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:thunderbird:1.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:thunderbird:1.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:thunderbird:1.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:thunderbird:1.0.4:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:thunderbird:1.0.5:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:thunderbird:1.0.5:beta:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:thunderbird:1.0.6:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:thunderbird:1.5:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:thunderbird:1.5:beta2:*:*:*:*:*:*
    • (no CPE)range: <1.5, <1.0.8

Patches

Vulnerability mechanics

References

55

News mentions

0

No linked articles in our index yet.