CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:P/A:N
AI Score
Confidence
Low
EPSS
Percentile
96.1%
The E4X implementation in Mozilla Firefox before 1.5.0.1, Thunderbird 1.5 if running Javascript in mail, and SeaMonkey before 1.0 exposes the internal “AnyName” object to external interfaces, which allows multiple cooperating domains to exchange information in violation of the same origin restrictions.
Vendor | Product | Version | CPE |
---|---|---|---|
mozilla | firefox | 1.5 | cpe:2.3:a:mozilla:firefox:1.5:*:*:*:*:*:*:* |
mozilla | firefox | 1.5 | cpe:2.3:a:mozilla:firefox:1.5:beta1:*:*:*:*:*:* |
mozilla | seamonkey | 1.0 | cpe:2.3:a:mozilla:seamonkey:1.0:*:alpha:*:*:*:*:* |
mozilla | seamonkey | 1.0 | cpe:2.3:a:mozilla:seamonkey:1.0:beta:*:*:*:*:*:* |
mozilla | thunderbird | 1.5 | cpe:2.3:a:mozilla:thunderbird:1.5:*:*:*:*:*:*:* |
secunia.com/advisories/18700
secunia.com/advisories/18704
secunia.com/advisories/22065
securitytracker.com/id?1015570
www.mozilla.org/security/announce/2006/mfsa2006-08.html
www.securityfocus.com/archive/1/446657/100/200/threaded
www.securityfocus.com/bid/16476
www.vupen.com/english/advisories/2006/0413
www.vupen.com/english/advisories/2006/3749
bugzilla.mozilla.org/show_bug.cgi?id=322312
exchange.xforce.ibmcloud.com/vulnerabilities/24437
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1625