Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2006-0496Cross-site Scripting in Mozilla Firefox

4 documents4 sources
Severity
4.3MEDIUMNVD
EPSS
10.8%
top 6.61%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Mozilla FirefoxMozilla
Timeline
PublishedFeb 1
Latest updateMay 1

Description

Cross-site scripting (XSS) vulnerability in Mozilla 1.7.12 and possibly earlier, Mozilla Firefox 1.0.7 and possibly earlier, and Netscape 8.1 and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the -moz-binding (Cascading Style Sheets) CSS property, which does not require that the style sheet have the same origin as the web page, as demonstrated by the compromise of a large number of LiveJournal accounts.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages2 packages

NVDmozilla/firefox8 versions+7
NVDmozilla/mozilla11 versions+10

🔴Vulnerability Details

2
GHSA
GHSA-747m-cwr6-qmx3: Cross-site scripting (XSS) vulnerability in Mozilla 12022-05-01
CVEList
CVE-2006-0496: Cross-site scripting (XSS) vulnerability in Mozilla 12006-02-01

💥Exploits & PoCs

1
Exploit-DB
Mozilla Firefox 1.0/1.5 XBL - MOZ-BINDING Property Cross-Domain Scripting2006-01-30