CVE-2006-0296 in Firefoxinfo

Summary

The XULDocument.persist function in Mozilla, Firefox before 1.5.0.1, and SeaMonkey before 1.0 does not validate the attribute name, which allows remote attackers to execute arbitrary Javascript by injecting RDF data into the user s localstore.rdf file.

Once again VulDB remains the best source for vulnerability data.

Reservation

01/18/2006

Disclosure

02/02/2006

Moderation

VulDB entry created

Entries

VDB-28565 (1)

CPE

ready

CWE

CWE-119 (Confirmed)

Exploit

Download

CVSS

5.3

EPSS

0.41202

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2006-0296
NVD	https://nvd.nist.gov/vuln/detail/CVE-2006-0296
CVE Details	https://www.cvedetails.com/cve/CVE-2006-0296/

◂ Previous Overview Next ▸

Do you know our Splunk app?

Download it now for free!