RedhatCVE-2006-0296CVE-2006-0296
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
AI Score
Confidence
Low
EPSS
Percentile
99.5%
The XULDocument.persist function in Mozilla, Firefox before 1.5.0.1, and SeaMonkey before 1.0 does not validate the attribute name, which allows remote attackers to execute arbitrary Javascript by injecting RDF data into the user’s localstore.rdf file.
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| mozilla | firefox | 0.8 | cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:* |
| mozilla | firefox | 0.9 | cpe:2.3:a:mozilla:firefox:0.9:*:*:*:*:*:*:* |
| mozilla | firefox | 0.9 | cpe:2.3:a:mozilla:firefox:0.9:rc:*:*:*:*:*:* |
| mozilla | firefox | 0.9.1 | cpe:2.3:a:mozilla:firefox:0.9.1:*:*:*:*:*:*:* |
| mozilla | firefox | 0.9.2 | cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:* |
| mozilla | firefox | 0.9.3 | cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:* |
| mozilla | firefox | 0.10 | cpe:2.3:a:mozilla:firefox:0.10:*:*:*:*:*:*:* |
| mozilla | firefox | 0.10.1 | cpe:2.3:a:mozilla:firefox:0.10.1:*:*:*:*:*:*:* |
| mozilla | firefox | 1.0 | cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:* |
| mozilla | firefox | 1.0.1 | cpe:2.3:a:mozilla:firefox:1.0.1:*:*:*:*:*:*:* |
References
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt
ftp://patches.sgi.com/support/free/security/advisories/20060201-01-U
secunia.com/advisories/18700
secunia.com/advisories/18703
secunia.com/advisories/18704
secunia.com/advisories/18705
secunia.com/advisories/18706
secunia.com/advisories/18708
secunia.com/advisories/18709
secunia.com/advisories/19230
secunia.com/advisories/19746
secunia.com/advisories/19759
secunia.com/advisories/19780
secunia.com/advisories/19821
secunia.com/advisories/19823
secunia.com/advisories/19852
secunia.com/advisories/19862
secunia.com/advisories/19863
secunia.com/advisories/19902
secunia.com/advisories/19941
secunia.com/advisories/19950
secunia.com/advisories/20051
secunia.com/advisories/21033
secunia.com/advisories/21622
secunia.com/advisories/22065
securitytracker.com/id?1015570
sunsolve.sun.com/search/document.do?assetkey=1-26-102550-1
sunsolve.sun.com/search/document.do?assetkey=1-26-228526-1
support.avaya.com/elmodocs2/security/ASA-2006-205.htm
www.debian.org/security/2006/dsa-1044
www.debian.org/security/2006/dsa-1046
www.debian.org/security/2006/dsa-1051
www.gentoo.org/security/en/glsa/glsa-200604-12.xml
www.gentoo.org/security/en/glsa/glsa-200604-18.xml
www.gentoo.org/security/en/glsa/glsa-200605-09.xml
www.kb.cert.org/vuls/id/592425
www.mandriva.com/security/advisories?name=MDKSA-2006:036
www.mandriva.com/security/advisories?name=MDKSA-2006:037
www.mandriva.com/security/advisories?name=MDKSA-2006:078
www.mozilla.org/security/announce/2006/mfsa2006-05.html
www.novell.com/linux/security/advisories/2006_04_25.html
www.redhat.com/archives/fedora-announce-list/2006-February/msg00005.html
www.redhat.com/archives/fedora-announce-list/2006-February/msg00006.html
www.redhat.com/support/errata/RHSA-2006-0199.html
www.redhat.com/support/errata/RHSA-2006-0200.html
www.redhat.com/support/errata/RHSA-2006-0330.html
www.securityfocus.com/archive/1/425975/100/0/threaded
www.securityfocus.com/archive/1/425978/100/0/threaded
www.securityfocus.com/archive/1/438730/100/0/threaded
www.securityfocus.com/archive/1/446657/100/200/threaded
www.securityfocus.com/bid/16476
www.us-cert.gov/cas/techalerts/TA06-038A.html
www.vupen.com/english/advisories/2006/0413
www.vupen.com/english/advisories/2006/3391
www.vupen.com/english/advisories/2006/3749
bugzilla.mozilla.org/show_bug.cgi?id=319847
exchange.xforce.ibmcloud.com/vulnerabilities/24434
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11803
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1493
usn.ubuntu.com/271-1/
usn.ubuntu.com/275-1/
usn.ubuntu.com/276-1/
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
AI Score
Confidence
Low
EPSS
Percentile
99.5%