| ID |
CVE-2006-0299
|
| Summary |
The E4X implementation in Mozilla Firefox before 1.5.0.1, Thunderbird 1.5 if running Javascript in mail, and SeaMonkey before 1.0 exposes the internal "AnyName" object to external interfaces, which allows multiple cooperating domains to exchange information in violation of the same origin restrictions. |
| References |
|
| Vulnerable Configurations |
-
cpe:2.3:a:mozilla:firefox:1.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5:*:*:*:*:*:*:*
-
cpe:2.3:a:mozilla:firefox:1.5:beta1:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5:beta1:*:*:*:*:*:*
-
cpe:2.3:a:mozilla:seamonkey:1.0:*:alpha:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.0:*:alpha:*:*:*:*:*
-
cpe:2.3:a:mozilla:seamonkey:1.0:beta:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.0:beta:*:*:*:*:*:*
-
cpe:2.3:a:mozilla:thunderbird:1.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:1.5:*:*:*:*:*:*:*
|
| CVSS |
| Base: | 6.4 (as of 19-10-2018 - 15:44) |
| Impact: | |
| Exploitability: | |
|
| CWE |
NVD-CWE-Other |
| CAPEC |
|
| Access |
| Vector | Complexity | Authentication |
| NETWORK |
LOW |
NONE |
|
| Impact |
| Confidentiality | Integrity | Availability |
| PARTIAL |
PARTIAL |
NONE |
|
| cvss-vector
via4
|
AV:N/AC:L/Au:N/C:P/I:P/A:N
|
| oval
via4
|
| accepted | 2009-11-09T04:00:09.313-05:00 | | class | vulnerability | | contributors | | name | Robert L. Hollis | | organization | ThreatGuard, Inc. |
| name | Jonathan Baker | | organization | The MITRE Corporation |
| name | Jonathan Baker | | organization | The MITRE Corporation |
| name | Jonathan Baker | | organization | The MITRE Corporation |
| name | Jonathan Baker | | organization | The MITRE Corporation |
| name | Jonathan Baker | | organization | The MITRE Corporation |
| name | Mike Lah | | organization | The MITRE Corporation |
| | description | The E4X implementation in Mozilla Firefox before 1.5.0.1, Thunderbird 1.5 if running Javascript in mail, and SeaMonkey before 1.0 exposes the internal "AnyName" object to external interfaces, which allows multiple cooperating domains to exchange information in violation of the same origin restrictions. | | family | windows | | id | oval:org.mitre.oval:def:1625 | | status | accepted | | submitted | 2006-02-07T06:13:00.000-04:00 | | title | Mozilla "AnyName" Entrainment and Access Control Hazard | | version | 5 |
|
| refmap
via4
|
| bid | 16476 | | confirm | | | hp | | | sectrack | 1015570 | | secunia | | | vupen | - ADV-2006-0413
- ADV-2006-3749
| | xf | mozilla-e4x-security-bypass(24437) |
|
| saint
via4
|
| bid | 16476 | | description | Mozilla Firefox QueryInterface method memory corruption | | id | web_client_firefox | | osvdb | 22893 | | title | firefox_queryinterface | | type | client |
|
| Last major update |
19-10-2018 - 15:44 |
| Published |
02-02-2006 - 23:06 |
| Last modified |
19-10-2018 - 15:44 |
