VDB
CVE-2006-0296
CVE-2006-0296
PUBLISHED
CVSS 5 MEDIUM
The XULDocument.persist function in Mozilla, Firefox before 1.5.0.1, and SeaMonkey before 1.0 does not validate the attribute name, which allows remote attackers to execute arbitrary Javascript by injecting RDF data into the user's localstore.rdf file.
EPSS 41.20% · 97.5th percentile
Risk Scores
CVSS v2.0
5
EPSS Score
41.20%
97.5th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | * |
| mozilla | seamonkey | 1.0, 1.0 |
| mozilla | firefox | 0.9, 0.9.1, 0.9.3 |
Timeline
- Feb 2, 2006 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Sep 3, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 17, 2022 EPSS Score
- Feb 8, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- May 24, 2023 EPSS Score
- Jul 15, 2023 EPSS Score
- Sep 6, 2023 EPSS Score
References
- MDKSA-2006:036 vendor-advisory
- USN-275-1 vendor-advisory
- RHSA-2006:0330 vendor-advisory
- 19902 third-party-advisory
- MDKSA-2006:037 vendor-advisory
- USN-276-1 vendor-advisory
- HPSBUX02122 vendor-advisory
- 19941 third-party-advisory
- 19780 third-party-advisory
- 19821 third-party-advisory
- FEDORA-2006-075 vendor-advisory
- GLSA-200604-12 vendor-advisory
- 21622 third-party-advisory
- 19862 third-party-advisory
- 19230 third-party-advisory
- 18704 third-party-advisory
- http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm url
- 19823 third-party-advisory
- DSA-1051 vendor-advisory
- 18709 third-party-advisory
…and 46 more