CVE-2006-0299 Information
Description
The E4X implementation in Mozilla Firefox before 1.5.0.1 Thunderbird 1.5 if running Javascript in mail and SeaMonkey before 1.0 exposes the internal \AnyName\ object to external interfaces which allows multiple cooperating domains to exchange information in violation of the same origin restrictions.
Reference
http://secunia.com/advisories/18700 http://secunia.com/advisories/18704 http://secunia.com/advisories/22065 http://securitytracker.com/id?1015570 http://www.mozilla.org/security/announce/2006/mfsa2006-08.html http://www.securityfocus.com/archive/1/446657/100/200/threaded http://www.securityfocus.com/bid/16476 http://www.vupen.com/english/advisories/2006/0413 http://www.vupen.com/english/advisories/2006/3749 https://bugzilla.mozilla.org/show_bug.cgi?id=322312 https://exchange.xforce.ibmcloud.com/vulnerabilities/24437 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A1625
Share on: