CVE-2006-0296 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2006-0296
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2006-0296

Description: The XULDocument.persist function in Mozilla, Firefox before 1.5.0.1, and SeaMonkey before 1.0 does not validate the attribute name, which allows remote attackers to execute arbitrary Javascript by injecting RDF data into the user's localstore.rdf file.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/24434 UBUNTU http://www.ubuntulinux.org/support/documentation/usn/usn-275-1 http://www.ubuntulinux.org/support/documentation/usn/usn-276-1 http://www.ubuntulinux.org/support/documentation/usn/usn-271-1 SUSE http://www.novell.com/linux/security/advisories/2006_04_25.html SUNALERT http://sunsolve.sun.com/search/document.do?assetkey=1-26-228526-1 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102550-1 ST 1015570 SGI SCO SAID Secunia Advisory: SA20051 Secunia Advisory: SA19780 Secunia Advisory: SA21622 Secunia Advisory: SA21033 Secunia Advisory: SA19746 Secunia Advisory: SA19941 Secunia Advisory: SA19950 Secunia Advisory: SA19902 Secunia Advisory: SA19863 Secunia Advisory: SA19862 Secunia Advisory: SA19852 Secunia Advisory: SA19823 Secunia Advisory: SA19821 Secunia Advisory: SA19759 Secunia Advisory: SA19230 Secunia Advisory: SA18706 Secunia Advisory: SA18705 Secunia Advisory: SA18709 Secunia Advisory: SA18708 Secunia Advisory: SA18704 Secunia Advisory: SA18700 Secunia Advisory: SA18703 Secunia Advisory: SA22065 REDHAT http://www.redhat.com/support/errata/RHSA-2006-0330.html http://www.redhat.com/support/errata/RHSA-2006-0200.html http://www.redhat.com/support/errata/RHSA-2006-0199.html OVAL http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1493 MANDRIVA http://www.mandriva.com/security/advisories?name=MDKSA-2006:037 http://www.mandriva.com/security/advisories?name=MDKSA-2006:078 http://www.mandriva.com/security/advisories?name=MDKSA-2006:036 HP http://www.securityfocus.com/archive/1/archive/1/446657/100/200/threaded http://www.securityfocus.com/archive/1/archive/1/438730/100/0/threaded GENTOO http://www.gentoo.org/security/en/glsa/glsa-200605-09.xml http://www.gentoo.org/security/en/glsa/glsa-200604-18.xml http://www.gentoo.org/security/en/glsa/glsa-200604-12.xml FEDORA http://www.redhat.com/archives/fedora-announce-list/2006-February/msg00006.html http://www.securityfocus.com/archive/1/archive/1/425978/100/0/threaded http://www.securityfocus.com/archive/1/archive/1/425975/100/0/threaded http://www.redhat.com/archives/fedora-announce-list/2006-February/msg00005.html DEBIAN http://www.debian.org/security/2006/dsa-1044 http://www.debian.org/security/2006/dsa-1051 http://www.debian.org/security/2006/dsa-1046 CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm http://www.mozilla.org/security/announce/2006/mfsa2006-05.html CERT-VN 592425 CERT http://www.us-cert.gov/cas/techalerts/TA06-038A.html BID 16476

Return to the previous page.