CVE-2006-0299: Firefox vulnerability

4 documents, 4 sources
Severity: 6.4 MEDIUM (NVD)
EPSS: 1.4% (top 19.22%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Feb 2 | Latest update May 1

Description

The E4X implementation in Mozilla Firefox before 1.5.0.1, Thunderbird 1.5 if running Javascript in mail, and SeaMonkey before 1.0 exposes the internal "AnyName" object to external interfaces, which allows multiple cooperating domains to exchange information in violation of the same origin restrictions.

CVSS vector

AV:N/AC:L/C:P/I:P/A:N
Exploitability: 10.0 | Impact: 4.9

Affected Packages (6 packages)

Debian: mozilla/thunderbird < 1.5.0.2-1+3
debian: debian/firefox < firefox 1.5.dfsg+1.5.0.1-1 (sid)

🔴 Vulnerability Details (2)

GHSA: GHSA-54xf-f642-5wh5: The E4X implementation in Mozilla Firefox before 1 | 2022-05-01
OSV: CVE-2006-0299: The E4X implementation in Mozilla Firefox before 1 | 2006-02-02

📋 Vendor Advisories (1)

Debian: CVE-2006-0299: firefox - The E4X implementation in Mozilla Firefox before 1.5.0.1, Thunderbird 1.5 if run... | 2006