Vulnerability Note VU#592425
Mozilla-based products fail to validate user input to the attribute name in "XULDocument.persist"
According to the Mozilla advisory on this issue:
This vulnerability affects Mozilla Firefox, SeaMonkey, Thunderbird, and potentially any other Mozilla-based application. The exploit code for this vulnerability could be remotely supplied through a web page or in an email message.
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Fedora Project||Affected||-||03 Feb 2006|
|Mandriva, Inc.||Affected||-||08 Feb 2006|
|Red Hat, Inc.||Affected||-||08 Feb 2006|
|Mozilla, Inc.||Unknown||07 Feb 2006||07 Feb 2006|
CVSS Metrics (Learn More)
Thanks to the Mozilla Corporation for reporting this vulnerability. Mozilla, in turn, credits moz_bug_r_a4 with reporting this issue to them.
This document was written by Chad R Dougherty.
- CVE IDs: CVE-2006-0296
- Date Public: 02 Feb 2006
- Date First Published: 03 Feb 2006
- Date Last Updated: 08 Feb 2006
- Severity Metric: 17.10
- Document Revision: 16
If you have feedback, comments, or additional information about this vulnerability, please send us email.