Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2006-0296

Опубликовано: 02 фев. 2006
Источник: ubuntu
Приоритет: medium
EPSS Средний
CVSS2: 5

Описание

The XULDocument.persist function in Mozilla, Firefox before 1.5.0.1, and SeaMonkey before 1.0 does not validate the attribute name, which allows remote attackers to execute arbitrary Javascript by injecting RDF data into the user's localstore.rdf file.

РелизСтатусПримечание
dapper

released

1.5.dfsg+1.5.0.13~prepatch070731-0ubuntu1
edgy

released

2.0.0.6+0dfsg-0ubuntu0.6.10
feisty

released

2.0.0.6+1-0ubuntu1
upstream

needs-triage

Показывать по

РелизСтатусПримечание
dapper

DNE

devel

released

3.0~alpha7-0ubuntu6
edgy

DNE

feisty

DNE

upstream

needs-triage

Показывать по

РелизСтатусПримечание
dapper

DNE

devel

released

0.5-0ubuntu4
edgy

DNE

feisty

DNE

upstream

needs-triage

Показывать по

РелизСтатусПримечание
dapper

DNE

devel

released

0.1.6b-0ubuntu2
edgy

DNE

feisty

DNE

upstream

needs-triage

Показывать по

РелизСтатусПримечание
dapper

released

1.5.0.13-0ubuntu0.6.06
devel

DNE

edgy

released

1.5.0.13-0ubuntu0.6.10
feisty

released

1.5.0.13-0ubuntu0.7.04
upstream

needs-triage

Показывать по

Ссылки на источники

EPSS

Процентиль: 97%
0.41202
Средний

5 Medium

CVSS2

Связанные уязвимости

redhat логотип

CVE-2006-0296

redhat
больше 19 лет назад

The XULDocument.persist function in Mozilla, Firefox before 1.5.0.1, and SeaMonkey before 1.0 does not validate the attribute name, which allows remote attackers to execute arbitrary Javascript by injecting RDF data into the user's localstore.rdf file.

nvd логотип

CVE-2006-0296

nvd
больше 19 лет назад

The XULDocument.persist function in Mozilla, Firefox before 1.5.0.1, and SeaMonkey before 1.0 does not validate the attribute name, which allows remote attackers to execute arbitrary Javascript by injecting RDF data into the user's localstore.rdf file.

debian логотип

CVE-2006-0296

debian
больше 19 лет назад

The XULDocument.persist function in Mozilla, Firefox before 1.5.0.1, a ...

github логотип

GHSA-c65v-php3-gmxx

github
больше 3 лет назад

The XULDocument.persist function in Mozilla, Firefox before 1.5.0.1, and SeaMonkey before 1.0 does not validate the attribute name, which allows remote attackers to execute arbitrary Javascript by injecting RDF data into the user's localstore.rdf file.

EPSS

Процентиль: 97%
0.41202
Средний

5 Medium

CVSS2