CVE-2006-0296 Information

Description

The XULDocument.persist function in Mozilla Firefox before 1.5.0.1 and SeaMonkey before 1.0 does not validate the attribute name, which allows remote attackers to execute arbitrary JavaScript by injecting RDF data into the user's localstore.rdf file.

Reference

ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt
ftp://patches.sgi.com/support/free/security/advisories/20060201-01-U
http://secunia.com/advisories/18700
http://secunia.com/advisories/18703
http://secunia.com/advisories/18704
http://secunia.com/advisories/18705
http://secunia.com/advisories/18706
http://secunia.com/advisories/18708
http://secunia.com/advisories/18709
http://secunia.com/advisories/19230
http://secunia.com/advisories/19746
http://secunia.com/advisories/19759
http://secunia.com/advisories/19780
http://secunia.com/advisories/19821
http://secunia.com/advisories/19823
http://secunia.com/advisories/19852
http://secunia.com/advisories/19862
http://secunia.com/advisories/19863
http://secunia.com/advisories/19902
http://secunia.com/advisories/19941
http://secunia.com/advisories/19950
http://secunia.com/advisories/20051
http://secunia.com/advisories/21033
http://secunia.com/advisories/21622
http://secunia.com/advisories/22065
http://securitytracker.com/id?1015570
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102550-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-228526-1
http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm
http://www.debian.org/security/2006/dsa-1044
http://www.debian.org/security/2006/dsa-1046
http://www.debian.org/security/2006/dsa-1051
http://www.gentoo.org/security/en/glsa/glsa-200604-12.xml
http://www.gentoo.org/security/en/glsa/glsa-200604-18.xml
http://www.gentoo.org/security/en/glsa/glsa-200605-09.xml
http://www.kb.cert.org/vuls/id/592425
http://www.mandriva.com/security/advisories?name=MDKSA-2006:036
http://www.mandriva.com/security/advisories?name=MDKSA-2006:037
http://www.mandriva.com/security/advisories?name=MDKSA-2006:078
http://www.mozilla.org/security/announce/2006/mfsa2006-05.html
http://www.novell.com/linux/security/advisories/2006_04_25.html
http://www.redhat.com/archives/fedora-announce-list/2006-February/msg00005.html
http://www.redhat.com/archives/fedora-announce-list/2006-February/msg00006.html
http://www.redhat.com/support/errata/RHSA-2006-0199.html
http://www.redhat.com/support/errata/RHSA-2006-0200.html
http://www.redhat.com/support/errata/RHSA-2006-0330.html
http://www.securityfocus.com/archive/1/425975/100/0/threaded
http://www.securityfocus.com/archive/1/425978/100/0/threaded
http://www.securityfocus.com/archive/1/438730/100/0/threaded
http://www.securityfocus.com/archive/1/446657/100/200/threaded
http://www.securityfocus.com/bid/16476
http://www.us-cert.gov/cas/techalerts/TA06-038A.html
http://www.vupen.com/english/advisories/2006/0413
http://www.vupen.com/english/advisories/2006/3391
http://www.vupen.com/english/advisories/2006/3749
https://bugzilla.mozilla.org/show_bug.cgi?id=319847
https://exchange.xforce.ibmcloud.com/vulnerabilities/24434
https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A11803
https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A1493
https://usn.ubuntu.com/271-1/
https://usn.ubuntu.com/275-1/
https://usn.ubuntu.com/276-1/
