CVE-2006-0296
Date: (C)2006-02-02   (M)2024-03-27


The XULDocument.persist function in Mozilla, Firefox before 1.5.0.1, and SeaMonkey before 1.0 does not validate the attribute name, which allows remote attackers to execute arbitrary Javascript by injecting RDF data into the user's localstore.rdf file.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score: 5.0
Exploit Score: 10.0
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: NONE
Integrity: PARTIAL
Availability: NONE
  
Reference:
SECTRACK-1015570
SUNALERT-102550
BID-16476
SECUNIA-18700
SECUNIA-18703
SECUNIA-18704
SECUNIA-18705
SECUNIA-18706
SECUNIA-18708
SECUNIA-18709
SECUNIA-19230
SECUNIA-19746
SECUNIA-19759
SECUNIA-19780
SECUNIA-19821
SECUNIA-19823
SECUNIA-19852
SECUNIA-19862
SECUNIA-19863
SECUNIA-19902
SECUNIA-19941
SECUNIA-19950
SECUNIA-20051
20060201-01-U
SECUNIA-21033
SECUNIA-21622
SECUNIA-22065
SUNALERT-228526
ADV-2006-0413
ADV-2006-3391
ADV-2006-3749
DSA-1044
DSA-1046
DSA-1051
FEDORA-2006-075
FEDORA-2006-076
FLSA-2006:180036-2
FLSA:180036-1
GLSA-200604-12
GLSA-200604-18
GLSA-200605-09
HPSBUX02122
MDKSA-2006:036
MDKSA-2006:037
MDKSA-2006:078
RHSA-2006:0199
RHSA-2006:0200
RHSA-2006:0330
SCOSA-2006.26
SSRT061236
SUSE-SA:2006:022
TA06-038A
USN-271-1
USN-275-1
USN-276-1
VU#592425
http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm
http://www.mozilla.org/security/announce/2006/mfsa2006-05.html
https://bugzilla.mozilla.org/show_bug.cgi?id=319847
mozilla-xuldocument-command-execution(24434)
oval:org.mitre.oval:def:11803
oval:org.mitre.oval:def:1493

CPE    19
cpe:/a:mozilla:firefox:0.10.1
cpe:/a:mozilla:firefox:1.5:beta1
cpe:/a:mozilla:seamonkey:1.0:beta
cpe:/a:mozilla:firefox:0.8
...
OVAL    1
oval:org.mitre.oval:def:1493

© SecPod Technologies