5

CVE-2006-0296

EPSS 41.2%
Veröffentlicht 02.02.2006 20:06:00
Zuletzt bearbeitet 03.04.2025 01:03:51
Quelle secalert@redhat.com
Teams Watchlist Login
Unerledigt Login

The XULDocument.persist function in Mozilla, Firefox before 1.5.0.1, and SeaMonkey before 1.0 does not validate the attribute name, which allows remote attackers to execute arbitrary Javascript by injecting RDF data into the user's localstore.rdf file.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 65

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Mozilla ≫ Firefox Version0.8

Mozilla ≫ Firefox Version0.9

Mozilla ≫ Firefox Version0.9 Updaterc

Mozilla ≫ Firefox Version0.9.1

Mozilla ≫ Firefox Version0.9.2

Mozilla ≫ Firefox Version0.9.3

Mozilla ≫ Firefox Version0.10

Mozilla ≫ Firefox Version0.10.1

Mozilla ≫ Firefox Version1.0

Mozilla ≫ Firefox Version1.0.1

Mozilla ≫ Firefox Version1.0.2

Mozilla ≫ Firefox Version1.0.3

Mozilla ≫ Firefox Version1.0.4

Mozilla ≫ Firefox Version1.0.5

Mozilla ≫ Firefox Version1.0.6

Mozilla ≫ Firefox Version1.0.6 Editionlinux

Mozilla ≫ Firefox Version1.0.7

Mozilla ≫ Firefox Version1.5

Mozilla ≫ Firefox Version1.5 Updatebeta1

Mozilla ≫ Seamonkey Version1.0 Editionalpha

Mozilla ≫ Seamonkey Version1.0 Updatebeta

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	41.2%	0.971

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:P/A:N

http://secunia.com/advisories/19823

http://www.novell.com/linux/security/advisories/2006_04_25.html

http://secunia.com/advisories/19863

http://secunia.com/advisories/19941

http://www.debian.org/security/2006/dsa-1046

http://www.debian.org/security/2006/dsa-1051

ftp://patches.sgi.com/support/free/security/advisories/20060201-01-U

http://secunia.com/advisories/19230

ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt

http://secunia.com/advisories/18700

http://secunia.com/advisories/18704

http://secunia.com/advisories/18705

http://secunia.com/advisories/18706

http://secunia.com/advisories/18708

http://secunia.com/advisories/18709

http://secunia.com/advisories/19746

http://secunia.com/advisories/19759

http://secunia.com/advisories/19852

http://secunia.com/advisories/19862

http://secunia.com/advisories/19902

http://secunia.com/advisories/21033

http://secunia.com/advisories/21622

http://sunsolve.sun.com/search/document.do?assetkey=1-26-102550-1

http://sunsolve.sun.com/search/document.do?assetkey=1-26-228526-1

http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm

http://www.debian.org/security/2006/dsa-1044

http://www.gentoo.org/security/en/glsa/glsa-200604-12.xml

http://www.gentoo.org/security/en/glsa/glsa-200604-18.xml

http://www.mandriva.com/security/advisories?name=MDKSA-2006:036

http://www.mandriva.com/security/advisories?name=MDKSA-2006:037

http://www.redhat.com/archives/fedora-announce-list/2006-February/msg00005.html

http://www.redhat.com/archives/fedora-announce-list/2006-February/msg00006.html

http://www.redhat.com/support/errata/RHSA-2006-0199.html

Vendor Advisory

http://www.redhat.com/support/errata/RHSA-2006-0200.html

Vendor Advisory

http://www.securityfocus.com/archive/1/425975/100/0/threaded

http://www.securityfocus.com/archive/1/425978/100/0/threaded

http://www.securityfocus.com/archive/1/438730/100/0/threaded

http://www.securityfocus.com/bid/16476

http://www.vupen.com/english/advisories/2006/0413

http://www.vupen.com/english/advisories/2006/3391

https://usn.ubuntu.com/271-1/

https://usn.ubuntu.com/275-1/

http://secunia.com/advisories/18703

http://secunia.com/advisories/19780

http://secunia.com/advisories/19821

http://secunia.com/advisories/19950

http://secunia.com/advisories/20051

http://secunia.com/advisories/22065

http://securitytracker.com/id?1015570

http://www.gentoo.org/security/en/glsa/glsa-200605-09.xml

http://www.mandriva.com/security/advisories?name=MDKSA-2006:078

http://www.redhat.com/support/errata/RHSA-2006-0330.html

http://www.securityfocus.com/archive/1/446657/100/200/threaded

http://www.vupen.com/english/advisories/2006/3749

https://usn.ubuntu.com/276-1/

http://www.us-cert.gov/cas/techalerts/TA06-038A.html

US Government Resource

http://www.kb.cert.org/vuls/id/592425

US Government Resource

http://www.mozilla.org/security/announce/2006/mfsa2006-05.html

https://bugzilla.mozilla.org/show_bug.cgi?id=319847

https://exchange.xforce.ibmcloud.com/vulnerabilities/24434

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11803

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1493

https://nvd.nist.gov/vuln/detail/CVE-2006-0296

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2006-0296

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2006-0296

EUVD