Lucene search

RedhatCVELIST:CVE-2006-0296

HistoryFeb 02, 2006 - 8:00 p.m.

CVE-2006-0296

2006-02-0220:00:00

redhat

www.cve.org

AI Score

6.9

Confidence

Low

EPSS

0.961

Percentile

99.5%

JSON

The XULDocument.persist function in Mozilla, Firefox before 1.5.0.1, and SeaMonkey before 1.0 does not validate the attribute name, which allows remote attackers to execute arbitrary Javascript by injecting RDF data into the user’s localstore.rdf file.

References

ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt

ftp://patches.sgi.com/support/free/security/advisories/20060201-01-U

secunia.com/advisories/18700

secunia.com/advisories/18703

secunia.com/advisories/18704

secunia.com/advisories/18705

secunia.com/advisories/18706

secunia.com/advisories/18708

secunia.com/advisories/18709

secunia.com/advisories/19230

secunia.com/advisories/19746

secunia.com/advisories/19759

secunia.com/advisories/19780

secunia.com/advisories/19821

secunia.com/advisories/19823

secunia.com/advisories/19852

secunia.com/advisories/19862

secunia.com/advisories/19863

secunia.com/advisories/19902

secunia.com/advisories/19941

secunia.com/advisories/19950

secunia.com/advisories/20051

secunia.com/advisories/21033

secunia.com/advisories/21622

secunia.com/advisories/22065

securitytracker.com/id?1015570

sunsolve.sun.com/search/document.do?assetkey=1-26-102550-1

sunsolve.sun.com/search/document.do?assetkey=1-26-228526-1

support.avaya.com/elmodocs2/security/ASA-2006-205.htm

www.debian.org/security/2006/dsa-1044

www.debian.org/security/2006/dsa-1046

www.debian.org/security/2006/dsa-1051

www.gentoo.org/security/en/glsa/glsa-200604-12.xml

www.gentoo.org/security/en/glsa/glsa-200604-18.xml

www.gentoo.org/security/en/glsa/glsa-200605-09.xml

www.kb.cert.org/vuls/id/592425

www.mandriva.com/security/advisories?name=MDKSA-2006:036

www.mandriva.com/security/advisories?name=MDKSA-2006:037

www.mandriva.com/security/advisories?name=MDKSA-2006:078

www.mozilla.org/security/announce/2006/mfsa2006-05.html

www.novell.com/linux/security/advisories/2006_04_25.html

www.redhat.com/archives/fedora-announce-list/2006-February/msg00005.html

www.redhat.com/archives/fedora-announce-list/2006-February/msg00006.html

www.redhat.com/support/errata/RHSA-2006-0199.html

www.redhat.com/support/errata/RHSA-2006-0200.html

www.redhat.com/support/errata/RHSA-2006-0330.html

www.securityfocus.com/archive/1/425975/100/0/threaded

www.securityfocus.com/archive/1/425978/100/0/threaded

www.securityfocus.com/archive/1/438730/100/0/threaded

www.securityfocus.com/archive/1/446657/100/200/threaded

www.securityfocus.com/bid/16476

www.us-cert.gov/cas/techalerts/TA06-038A.html

www.vupen.com/english/advisories/2006/0413

www.vupen.com/english/advisories/2006/3391

www.vupen.com/english/advisories/2006/3749

bugzilla.mozilla.org/show_bug.cgi?id=319847

exchange.xforce.ibmcloud.com/vulnerabilities/24434

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11803

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1493

usn.ubuntu.com/271-1/

usn.ubuntu.com/275-1/

usn.ubuntu.com/276-1/