ID CVE-2006-0296
Summary The XULDocument.persist function in Mozilla, Firefox before 1.5.0.1, and SeaMonkey before 1.0 does not validate the attribute name, which allows remote attackers to execute arbitrary Javascript by injecting RDF data into the user's localstore.rdf file.
References
Vulnerable Configurations
  • cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:0.9:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:0.9:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:0.9:rc:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:0.9:rc:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:0.10:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:0.10:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:0.10.1:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:0.10.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:1.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:1.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:1.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:1.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:1.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:1.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:1.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:1.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:1.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:1.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:1.0.6:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:1.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:1.0.6:*:linux:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:1.0.6:*:linux:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:1.0.7:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:1.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:1.5:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:1.5:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:1.5:beta1:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:1.5:beta1:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:seamonkey:1.0:*:alpha:*:*:*:*:*
    cpe:2.3:a:mozilla:seamonkey:1.0:*:alpha:*:*:*:*:*
  • cpe:2.3:a:mozilla:seamonkey:1.0:beta:*:*:*:*:*:*
    cpe:2.3:a:mozilla:seamonkey:1.0:beta:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 19-10-2018 - 15:43)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE PARTIAL NONE
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:P/A:N
oval via4
  • accepted 2013-04-29T04:15:48.831-04:00
    class vulnerability
    contributors
    • name Aharon Chernin
      organization SCAP.com, LLC
    • name Dragos Prisaca
      organization G2, Inc.
    definition_extensions
    • comment The operating system installed on the system is Red Hat Enterprise Linux 3
      oval oval:org.mitre.oval:def:11782
    • comment CentOS Linux 3.x
      oval oval:org.mitre.oval:def:16651
    • comment The operating system installed on the system is Red Hat Enterprise Linux 4
      oval oval:org.mitre.oval:def:11831
    • comment CentOS Linux 4.x
      oval oval:org.mitre.oval:def:16636
    • comment Oracle Linux 4.x
      oval oval:org.mitre.oval:def:15990
    description The XULDocument.persist function in Mozilla, Firefox before 1.5.0.1, and SeaMonkey before 1.0 does not validate the attribute name, which allows remote attackers to execute arbitrary Javascript by injecting RDF data into the user's localstore.rdf file.
    family unix
    id oval:org.mitre.oval:def:11803
    status accepted
    submitted 2010-07-09T03:56:16-04:00
    title The XULDocument.persist function in Mozilla, Firefox before 1.5.0.1, and SeaMonkey before 1.0 does not validate the attribute name, which allows remote attackers to execute arbitrary Javascript by injecting RDF data into the user's localstore.rdf file.
    version 30
  • accepted 2009-11-09T04:00:04.685-05:00
    class vulnerability
    contributors
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Jonathan Baker
      organization The MITRE Corporation
    • name Jonathan Baker
      organization The MITRE Corporation
    • name Jonathan Baker
      organization The MITRE Corporation
    • name Jonathan Baker
      organization The MITRE Corporation
    • name Jonathan Baker
      organization The MITRE Corporation
    • name Jonathan Baker
      organization The MITRE Corporation
    • name Jonathan Baker
      organization The MITRE Corporation
    • name Jonathan Baker
      organization The MITRE Corporation
    • name Jonathan Baker
      organization The MITRE Corporation
    • name Jonathan Baker
      organization The MITRE Corporation
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Mike Lah
      organization The MITRE Corporation
    description The XULDocument.persist function in Mozilla, Firefox before 1.5.0.1, and SeaMonkey before 1.0 does not validate the attribute name, which allows remote attackers to execute arbitrary Javascript by injecting RDF data into the user's localstore.rdf file.
    family windows
    id oval:org.mitre.oval:def:1493
    status accepted
    submitted 2006-02-07T06:13:00.000-04:00
    title Mozilla XML Attribute Name Validation Vulnerability
    version 5
redhat via4
advisories
  • bugzilla
    id 1617880
    title CVE-2006-0296 security flaw
    oval
    OR
    • comment Red Hat Enterprise Linux must be installed
      oval oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment Red Hat Enterprise Linux 4 is installed
        oval oval:com.redhat.rhba:tst:20070304025
      • comment firefox is earlier than 0:1.0.7-1.4.3
        oval oval:com.redhat.rhsa:tst:20060200001
      • comment firefox is signed with Red Hat master key
        oval oval:com.redhat.rhsa:tst:20060200002
    rhsa
    id RHSA-2006:0200
    released 2006-02-02
    severity Critical
    title RHSA-2006:0200: firefox security update (Critical)
  • rhsa
    id RHSA-2006:0199
  • rhsa
    id RHSA-2006:0330
rpms
  • firefox-0:1.0.7-1.4.3
  • firefox-debuginfo-0:1.0.7-1.4.3
  • thunderbird-0:1.0.8-1.4.1
  • thunderbird-debuginfo-0:1.0.8-1.4.1
refmap via4
bid 16476
cert TA06-038A
cert-vn VU#592425
confirm
debian
  • DSA-1044
  • DSA-1046
  • DSA-1051
fedora
  • FEDORA-2006-075
  • FEDORA-2006-076
  • FLSA-2006:180036-2
  • FLSA:180036-1
gentoo
  • GLSA-200604-12
  • GLSA-200604-18
  • GLSA-200605-09
hp
  • HPSBUX02122
  • HPSBUX02156
  • SSRT061158
  • SSRT061236
mandriva
  • MDKSA-2006:036
  • MDKSA-2006:037
  • MDKSA-2006:078
sco SCOSA-2006.26
sectrack 1015570
secunia
  • 18700
  • 18703
  • 18704
  • 18705
  • 18706
  • 18708
  • 18709
  • 19230
  • 19746
  • 19759
  • 19780
  • 19821
  • 19823
  • 19852
  • 19862
  • 19863
  • 19902
  • 19941
  • 19950
  • 20051
  • 21033
  • 21622
  • 22065
sgi 20060201-01-U
sunalert
  • 102550
  • 228526
suse SUSE-SA:2006:022
ubuntu
  • USN-271-1
  • USN-275-1
  • USN-276-1
vupen
  • ADV-2006-0413
  • ADV-2006-3391
  • ADV-2006-3749
xf mozilla-xuldocument-command-execution(24434)
saint via4
bid 16476
description Mozilla Firefox QueryInterface method memory corruption
id web_client_firefox
osvdb 22893
title firefox_queryinterface
type client
Last major update 19-10-2018 - 15:43
Published 02-02-2006 - 20:06
Last modified 19-10-2018 - 15:43
Back to Top