Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-0299

Overview

Vulnerability Score 6.4 6.4
CVE Id CVE-2006-0299
Last Modified 07 Mar 2011 09:29:44
Published 02 Feb 2006 06:06:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-0299

Summary

The E4X implementation in Mozilla Firefox before 1.5.0.1, Thunderbird 1.5 if running Javascript in mail, and SeaMonkey before 1.0 exposes the internal "AnyName" object to external interfaces, which allows multiple cooperating domains to exchange information in violation of the same origin restrictions.

Vulnerable Systems

Application

  • Mozilla Firefox 1.5

  • Mozilla Seamonkey 1.0

  • Mozilla Thunderbird 1.5


References

CONFIRM - https://bugzilla.mozilla.org/show_bug.cgi?id=322312

VUPEN - ADV-2006-3749

VUPEN - ADV-2006-0413

HP - SSRT061236

XF - mozilla-e4x-security-bypass(24437)

BID - 16476

CONFIRM - http://www.mozilla.org/security/announce/2006/mfsa2006-08.html

SECTRACK - 1015570

SECUNIA - 22065

SECUNIA - 18704

SECUNIA - 18700

HP - HPSBUX02156


Last Updated: 27 May 2016 10:42:34