Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-0296

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2006-0296
Last Modified 07 Mar 2011 09:29:44
Published 02 Feb 2006 03:06:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-0296

Summary

The XULDocument.persist function in Mozilla, Firefox before 1.5.0.1, and SeaMonkey before 1.0 does not validate the attribute name, which allows remote attackers to execute arbitrary Javascript by injecting RDF data into the user's localstore.rdf file.

Vulnerable Systems

Application

  • Mozilla Firefox 0.10

  • Mozilla Firefox 0.10.1

  • Mozilla Firefox 0.8

  • Mozilla Firefox 0.9

  • Mozilla Firefox 0.9.1

  • Mozilla Firefox 0.9.2

  • Mozilla Firefox 0.9.3

  • Mozilla Firefox 1.0

  • Mozilla Firefox 1.0.1

  • Mozilla Firefox 1.0.2

  • Mozilla Firefox 1.0.3

  • Mozilla Firefox 1.0.4

  • Mozilla Firefox 1.0.5

  • Mozilla Firefox 1.0.6

  • Mozilla Firefox 1.0.7

  • Mozilla Firefox 1.5

  • Mozilla Seamonkey 1.0


References

CERT - TA06-038A

CERT-VN - VU#592425

CONFIRM - https://bugzilla.mozilla.org/show_bug.cgi?id=319847

VUPEN - ADV-2006-3749

VUPEN - ADV-2006-3391

VUPEN - ADV-2006-0413

HP - SSRT061236

HP - SSRT061158

REDHAT - RHSA-2006:0200

REDHAT - RHSA-2006:0199

SUSE - SUSE-SA:2006:004

SUNALERT - 228526

XF - mozilla-xuldocument-command-execution(24434)

UBUNTU - USN-276-1

UBUNTU - USN-275-1

UBUNTU - USN-271-1

BID - 16476

HP - HPSBUX02156

FEDORA - FLSA-2006:180036-2

FEDORA - FLSA:180036-1

REDHAT - RHSA-2006:0330

FEDORA - FEDORA-2006-076

FEDORA - FEDORA-2006-075

CONFIRM - http://www.mozilla.org/security/announce/2006/mfsa2006-05.html

MANDRIVA - MDKSA-2006:078

MANDRIVA - MDKSA-2006:037

MANDRIVA - MDKSA-2006:036

GENTOO - GLSA-200605-09

GENTOO - GLSA-200604-18

GENTOO - GLSA-200604-12

DEBIAN - DSA-1051

DEBIAN - DSA-1046

DEBIAN - DSA-1044

CONFIRM - http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm

SUNALERT - 102550

SECTRACK - 1015570

SECUNIA - 22065

SECUNIA - 21622

SECUNIA - 21033

SECUNIA - 20051

SECUNIA - 19950

SECUNIA - 19941

SECUNIA - 19902

SECUNIA - 19863

SECUNIA - 19862

SECUNIA - 19852

SECUNIA - 19823

SECUNIA - 19821

SECUNIA - 19780

SECUNIA - 19759

SECUNIA - 19746

SECUNIA - 19230

SECUNIA - 18709

SECUNIA - 18708

SECUNIA - 18706

SECUNIA - 18705

SECUNIA - 18704

SECUNIA - 18703

SECUNIA - 18700

SGI - 20060201-01-U

SCO - SCOSA-2006.26

HP - HPSBUX02122

SUSE - SUSE-SA:2006:022


Last Updated: 27 May 2016 10:42:34