4.3

CVE-2006-0496

Exploit

EPSS 11.45%
Published 01.02.2006 02:02:00
Last modified 03.04.2025 01:03:51
Source cve@mitre.org
Teams watchlist Login
Open Login

Cross-site scripting (XSS) vulnerability in Mozilla 1.7.12 and possibly earlier, Mozilla Firefox 1.0.7 and possibly earlier, and Netscape 8.1 and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the -moz-binding (Cascading Style Sheets) CSS property, which does not require that the style sheet have the same origin as the web page, as demonstrated by the compromise of a large number of LiveJournal accounts.

Affected products Warnungen 0 Metrics 2 CWE 0 References 13

Data is provided by the National Vulnerability Database (NVD)

Mozilla ≫ Firefox Version1.0

Mozilla ≫ Firefox Version1.0.1

Mozilla ≫ Firefox Version1.0.2

Mozilla ≫ Firefox Version1.0.3

Mozilla ≫ Firefox Version1.0.4

Mozilla ≫ Firefox Version1.0.5

Mozilla ≫ Firefox Version1.0.6

Mozilla ≫ Firefox Version1.0.7

Mozilla ≫ Mozilla Version1.7

Mozilla ≫ Mozilla Version1.7 Updatealpha

Mozilla ≫ Mozilla Version1.7 Updatebeta

Mozilla ≫ Mozilla Version1.7 Updaterc1

Mozilla ≫ Mozilla Version1.7 Updaterc2

Mozilla ≫ Mozilla Version1.7 Updaterc3

Mozilla ≫ Mozilla Version1.7.1

Mozilla ≫ Mozilla Version1.7.2

Mozilla ≫ Mozilla Version1.7.3

Mozilla ≫ Mozilla Version1.7.5

Mozilla ≫ Mozilla Version1.7.6

Mozilla ≫ Mozilla Version1.7.7

Mozilla ≫ Mozilla Version1.7.8

Mozilla ≫ Mozilla Version1.7.10

Mozilla ≫ Mozilla Version1.7.11

Mozilla ≫ Mozilla Version1.7.12

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	11.45%	0.933

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:P/A:N

http://community.livejournal.com/lj_dev/708069.html

http://marc.info/?l=full-disclosure&m=113847912709062&w=2

http://securitytracker.com/id?1015553

http://securitytracker.com/id?1015563

http://www.davidpashley.com/cgi/pyblosxom.cgi/computing/livejournal-mozilla-bug.html

http://www.osvdb.org/22924

http://www.securityfocus.com/bid/16427

Exploit

http://www.vupen.com/english/advisories/2006/0403

https://bugzilla.mozilla.org/show_bug.cgi?id=324253

https://exchange.xforce.ibmcloud.com/vulnerabilities/24427

https://nvd.nist.gov/vuln/detail/CVE-2006-0496

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2006-0496

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2006-0496

EUVD