CVE-2006-1273 (CNNVD-200603-321)
中文标题:
Mozilla Firefox onload和onmouseover脚本拒绝服务漏洞
英文标题:
Mozilla Firefox 1.0.7 and 1.5.0.1 allows remote attackers to cause a denial of service (crash) via a...
漏洞描述
中文描述:
** 有异议 ** Mozilla Firefox 1.0.7和1.5.0.1可以让远程攻击者通过以下途径制造拒绝服务(崩溃):一个带大量诸如onload和onmouseover脚本操作句柄的HTML标识, 当用户查看网页源代码时会引起崩溃。注:Red Hat已讨论过此问题,认为"报告人可能在运行IE Tab 扩展",而且Mozilla也证实这不是Firefox本身问题。
英文描述:
Mozilla Firefox 1.0.7 and 1.5.0.1 allows remote attackers to cause a denial of service (crash) via an HTML tag with a large number of script action handlers such as onload and onmouseover, which triggers the crash when the user views the page source. NOTE: Red Hat has disputed this issue, suggesting that "It is likely the reporter was running the IE Tab extension," and Mozilla also confirmed that this is not an issue in Firefox itself
CWE类型:
标签:
受影响产品
| 厂商 | 产品 | 版本 | 版本范围 | 平台 | CPE |
|---|---|---|---|---|---|
| mozilla | firefox | 1.0.7 | - | - |
cpe:2.3:a:mozilla:firefox:1.0.7:*:*:*:*:*:*:*
|
| mozilla | firefox | 1.5.0.1 | - | - |
cpe:2.3:a:mozilla:firefox:1.5.0.1:*:*:*:*:*:*:*
|
解决方案
中文解决方案:
英文解决方案:
临时解决方案:
CVSS评分详情
AV:N/AC:L/Au:N/C:N/I:N/A:C
时间信息
利用信息
数据源详情
| 数据源 | 记录ID | 版本 | 提取时间 |
|---|---|---|---|
| CVE | cve_CVE-2006-1273 |
2025-11-11 15:17:40 | 2025-11-11 07:32:32 |
| NVD | nvd_CVE-2006-1273 |
2025-11-11 14:51:48 | 2025-11-11 07:41:18 |
| CNNVD | cnnvd_CNNVD-200603-321 |
2025-11-11 15:08:50 | 2025-11-11 07:49:05 |
版本与语言
安全公告
变更历史
查看详细变更
- vulnerability_type: 未提取 -> 授权问题
- cnnvd_id: 未提取 -> CNNVD-200603-321
- data_sources: ['cve', 'nvd'] -> ['cnnvd', 'cve', 'nvd']
查看详细变更
- severity: SeverityLevel.MEDIUM -> SeverityLevel.HIGH
- cvss_score: 未提取 -> 7.8
- cvss_vector: NOT_EXTRACTED -> AV:N/AC:L/Au:N/C:N/I:N/A:C
- cvss_version: NOT_EXTRACTED -> 2.0
- affected_products_count: 0 -> 2
- data_sources: ['cve'] -> ['cve', 'nvd']