CVE-2006-0296

Severity

50%

Complexity

99%

Confidentiality

48%

The XULDocument.persist function in Mozilla, Firefox before 1.5.0.1, and SeaMonkey before 1.0 does not validate the attribute name, which allows remote attackers to execute arbitrary Javascript by injecting RDF data into the user's localstore.rdf file.

The XULDocument.persist function in Mozilla, Firefox before 1.5.0.1, and SeaMonkey before 1.0 does not validate the attribute name, which allows remote attackers to execute arbitrary Javascript by injecting RDF data into the user's localstore.rdf file.

CVSS 2.0 Base Score 5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N).

Overview

Type

Mozilla

First reported 19 years ago

2006-02-02 20:06:00

Last updated 6 years ago

2018-10-19 15:43:00

Affected Software

Mozilla Firefox 0.8

0.8

Mozilla Firefox 0.9

0.9

Mozilla Firefox 0.9 rc

0.9

Mozilla Firefox 0.9.1

0.9.1

Mozilla Firefox 0.9.2

0.9.2

Mozilla Firefox 0.9.3

0.9.3

Mozilla Firefox 0.10

0.10

Mozilla Firefox 0.10.1

0.10.1

Mozilla Firefox 1.0

1.0

Mozilla Firefox 1.0.1

1.0.1

Mozilla Firefox 1.0.2

1.0.2

Mozilla Firefox 1.0.3

1.0.3

Mozilla Firefox 1.0.4

1.0.4

Mozilla Firefox 1.0.5

1.0.5

Mozilla Firefox 1.0.6

1.0.6

Mozilla Firefox 1.0.7

1.0.7

Mozilla Firefox 1.5

1.5

Mozilla Firefox 1.5 Beta 1

1.5

Mozilla SeaMonkey 1.0 beta

1.0

References

SCOSA-2006.26

20060201-01-U

18700

18703

18704

18705

18706

18708

18709

19230

19746

19759

19780

19821

19823

19852

19862

19863

19902

19941

19950

20051

21033

21622

22065

1015570

102550

228526

http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm

DSA-1044

DSA-1046

DSA-1051

GLSA-200604-12

GLSA-200604-18

GLSA-200605-09

VU#592425

US Government Resource

MDKSA-2006:036

MDKSA-2006:037

MDKSA-2006:078

http://www.mozilla.org/security/announce/2006/mfsa2006-05.html

SUSE-SA:2006:022

FEDORA-2006-075

FEDORA-2006-076

RHSA-2006:0199

Vendor Advisory

RHSA-2006:0200

Vendor Advisory

RHSA-2006:0330

FLSA:180036-1

FLSA-2006:180036-2

HPSBUX02122

SSRT061236

16476

TA06-038A

US Government Resource

ADV-2006-0413

ADV-2006-3391

ADV-2006-3749

https://bugzilla.mozilla.org/show_bug.cgi?id=319847

mozilla-xuldocument-command-execution(24434)

oval:org.mitre.oval:def:11803

oval:org.mitre.oval:def:1493

USN-271-1

USN-275-1

USN-276-1

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.