CVE-2006-0296 — Firefox vulnerability

16 documents7 sources

Severity

5.0MEDIUMNVD

EPSS

41.2%

top 2.60%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Thunderbird Debian Firefox Debian Thunderbird +2 more

Timeline

PublishedFeb 2

Latest updateMay 3

Description

The XULDocument.persist function in Mozilla, Firefox before 1.5.0.1, and SeaMonkey before 1.0 does not validate the attribute name, which allows remote attackers to execute arbitrary Javascript by injecting RDF data into the user's localstore.rdf file.

CVSS vector

AV:N/AC:L/C:N/I:P/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages5 packages

▶NVDmozilla/firefox16 versions+15

▶NVDmozilla/seamonkey1.0

▶debiandebian/firefox< firefox 1.5.dfsg+1.5.0.1-1 (sid)

▶Debianmozilla/thunderbird< 1.5.0.2-1+3

▶debiandebian/thunderbird< firefox 1.5.dfsg+1.5.0.1-1 (sid)

🔴Vulnerability Details

GHSA

GHSA-c65v-php3-gmxx: The XULDocument↗2022-05-03

▶

OSV

CVE-2006-0296: The XULDocument↗2006-02-02

▶

📋Vendor Advisories

Ubuntu

Thunderbird vulnerabilities↗2006-05-03

▶

Ubuntu

Mozilla vulnerabilities↗2006-04-28

▶

Ubuntu

Firefox vulnerabilities↗2006-04-20

▶

Red Hat

security flaw↗2006-02-02

▶

Debian

CVE-2006-0296: firefox - The XULDocument.persist function in Mozilla, Firefox before 1.5.0.1, and SeaMonk...↗2006

▶

💬Community

Bugzilla

CVE-2006-0296 security flaw↗2018-08-16

▶

Bugzilla

Mozilla Thunderbird multiple vulnerabilities (CVE-2006-0749, CVE-2006-1724, CVE-2006-1730, CVE-2006-0292, et al.)↗2006-04-22

▶

Bugzilla

CVE-2006-0296 XULDocument.persist() RDF data injection↗2006-04-17

▶

Bugzilla

CVE-2005-4134, CVE-2006-0292, CVE-2006-0296 critical mozilla vulnerabilities↗2006-02-04

▶

Bugzilla

CVE-2006-0296 XULDocument.persist() RDF data injection↗2006-01-27

▶