ID CVE-2006-0296
Summary The XULDocument.persist function in Mozilla, Firefox before 1.5.0.1, and SeaMonkey before 1.0 does not validate the attribute name, which allows remote attackers to execute arbitrary Javascript by injecting RDF data into the user's localstore.rdf file.
References
Vulnerable Configurations
  • cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:0.9:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:0.9:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:0.9:rc:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:0.9:rc:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:0.10:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:0.10:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:0.10.1:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:0.10.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:1.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:1.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:1.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:1.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:1.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:1.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:1.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:1.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:1.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:1.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:1.0.6:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:1.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:1.0.6:*:linux:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:1.0.6:*:linux:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:1.0.7:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:1.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:1.5:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:1.5:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:1.5:beta1:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:1.5:beta1:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:seamonkey:1.0:*:alpha:*:*:*:*:*
    cpe:2.3:a:mozilla:seamonkey:1.0:*:alpha:*:*:*:*:*
  • cpe:2.3:a:mozilla:seamonkey:1.0:beta:*:*:*:*:*:*
    cpe:2.3:a:mozilla:seamonkey:1.0:beta:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 19-10-2018 - 15:43)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE PARTIAL NONE
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:P/A:N
oval via4
  • accepted 2013-04-29T04:15:48.831-04:00
    class vulnerability
    contributors
    • name Aharon Chernin
      organization SCAP.com, LLC
    • name Dragos Prisaca
      organization G2, Inc.
    definition_extensions
    • comment The operating system installed on the system is Red Hat Enterprise Linux 3
      oval oval:org.mitre.oval:def:11782
    • comment CentOS Linux 3.x
      oval oval:org.mitre.oval:def:16651
    • comment The operating system installed on the system is Red Hat Enterprise Linux 4
      oval oval:org.mitre.oval:def:11831
    • comment CentOS Linux 4.x
      oval oval:org.mitre.oval:def:16636
    • comment Oracle Linux 4.x
      oval oval:org.mitre.oval:def:15990
    description The XULDocument.persist function in Mozilla, Firefox before 1.5.0.1, and SeaMonkey before 1.0 does not validate the attribute name, which allows remote attackers to execute arbitrary Javascript by injecting RDF data into the user's localstore.rdf file.
    family unix
    id oval:org.mitre.oval:def:11803
    status accepted
    submitted 2010-07-09T03:56:16-04:00
    title The XULDocument.persist function in Mozilla, Firefox before 1.5.0.1, and SeaMonkey before 1.0 does not validate the attribute name, which allows remote attackers to execute arbitrary Javascript by injecting RDF data into the user's localstore.rdf file.
    version 24
  • accepted 2009-11-09T04:00:04.685-05:00
    class vulnerability
    contributors
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Jonathan Baker
      organization The MITRE Corporation
    • name Jonathan Baker
      organization The MITRE Corporation
    • name Jonathan Baker
      organization The MITRE Corporation
    • name Jonathan Baker
      organization The MITRE Corporation
    • name Jonathan Baker
      organization The MITRE Corporation
    • name Jonathan Baker
      organization The MITRE Corporation
    • name Jonathan Baker
      organization The MITRE Corporation
    • name Jonathan Baker
      organization The MITRE Corporation
    • name Jonathan Baker
      organization The MITRE Corporation
    • name Jonathan Baker
      organization The MITRE Corporation
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Mike Lah
      organization The MITRE Corporation
    description The XULDocument.persist function in Mozilla, Firefox before 1.5.0.1, and SeaMonkey before 1.0 does not validate the attribute name, which allows remote attackers to execute arbitrary Javascript by injecting RDF data into the user's localstore.rdf file.
    family windows
    id oval:org.mitre.oval:def:1493
    status accepted
    submitted 2006-02-07T06:13:00.000-04:00
    title Mozilla XML Attribute Name Validation Vulnerability
    version 5
redhat via4
advisories
  • bugzilla
    id 179169
    title CVE-2006-0296 XULDocument.persist() RDF data injection
    oval
    OR
    • AND
      comment Red Hat Enterprise Linux 3 is installed
      oval oval:com.redhat.rhba:tst:20070026001
    • AND
      comment Red Hat Enterprise Linux 4 is installed
      oval oval:com.redhat.rhba:tst:20070304001
    rhsa
    id RHSA-2006:0199
    released 2006-02-02
    severity Critical
    title RHSA-2006:0199: mozilla security update (Critical)
  • bugzilla
    id 179175
    title CVE-2006-0296 XULDocument.persist() RDF data injection
    oval
    AND
    comment Red Hat Enterprise Linux 4 is installed
    oval oval:com.redhat.rhba:tst:20070304001
    rhsa
    id RHSA-2006:0200
    released 2006-02-02
    severity Critical
    title RHSA-2006:0200: firefox security update (Critical)
  • rhsa
    id RHSA-2006:0330
refmap via4
bid 16476
cert TA06-038A
cert-vn VU#592425
confirm
debian
  • DSA-1044
  • DSA-1046
  • DSA-1051
fedora
  • FEDORA-2006-075
  • FEDORA-2006-076
  • FLSA-2006:180036-2
  • FLSA:180036-1
gentoo
  • GLSA-200604-12
  • GLSA-200604-18
  • GLSA-200605-09
hp
  • HPSBUX02122
  • HPSBUX02156
  • SSRT061158
  • SSRT061236
mandriva
  • MDKSA-2006:036
  • MDKSA-2006:037
  • MDKSA-2006:078
sco SCOSA-2006.26
sectrack 1015570
secunia
  • 18700
  • 18703
  • 18704
  • 18705
  • 18706
  • 18708
  • 18709
  • 19230
  • 19746
  • 19759
  • 19780
  • 19821
  • 19823
  • 19852
  • 19862
  • 19863
  • 19902
  • 19941
  • 19950
  • 20051
  • 21033
  • 21622
  • 22065
sgi 20060201-01-U
sunalert
  • 102550
  • 228526
suse SUSE-SA:2006:022
ubuntu
  • USN-271-1
  • USN-275-1
  • USN-276-1
vupen
  • ADV-2006-0413
  • ADV-2006-3391
  • ADV-2006-3749
xf mozilla-xuldocument-command-execution(24434)
saint via4
bid 16476
description lla Firefox QueryInterface method memory corruption
id web_client_firefox
osvdb 22893
title firefox_queryinterface
type client
Last major update 19-10-2018 - 15:43
Published 02-02-2006 - 20:06
Back to Top