// For flags

CVE-2006-0296

 

Severity Score

5.0
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The XULDocument.persist function in Mozilla, Firefox before 1.5.0.1, and SeaMonkey before 1.0 does not validate the attribute name, which allows remote attackers to execute arbitrary Javascript by injecting RDF data into the user's localstore.rdf file.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
None
Integrity
Partial
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2006-01-18 CVE Reserved
  • 2006-02-02 CVE Published
  • 2024-05-24 EPSS Updated
  • 2024-08-07 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
CAPEC
References (64)
URL Tag Source
http://secunia.com/advisories/18700 Third Party Advisory
http://secunia.com/advisories/18703 Third Party Advisory
http://secunia.com/advisories/18704 Third Party Advisory
http://secunia.com/advisories/18705 Third Party Advisory
http://secunia.com/advisories/18706 Third Party Advisory
http://secunia.com/advisories/18708 Third Party Advisory
http://secunia.com/advisories/18709 Third Party Advisory
http://secunia.com/advisories/19230 Third Party Advisory
http://secunia.com/advisories/19746 Third Party Advisory
http://secunia.com/advisories/19759 Third Party Advisory
http://secunia.com/advisories/19780 Third Party Advisory
http://secunia.com/advisories/19821 Third Party Advisory
http://secunia.com/advisories/19823 Third Party Advisory
http://secunia.com/advisories/19852 Third Party Advisory
http://secunia.com/advisories/19862 Third Party Advisory
http://secunia.com/advisories/19863 Third Party Advisory
http://secunia.com/advisories/19902 Third Party Advisory
http://secunia.com/advisories/19941 Third Party Advisory
http://secunia.com/advisories/19950 Third Party Advisory
http://secunia.com/advisories/20051 Third Party Advisory
http://secunia.com/advisories/21033 Third Party Advisory
http://secunia.com/advisories/21622 Third Party Advisory
http://secunia.com/advisories/22065 Third Party Advisory
http://securitytracker.com/id?1015570 Vdb Entry
http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm X_refsource_confirm
http://www.kb.cert.org/vuls/id/592425 Third Party Advisory
http://www.mozilla.org/security/announce/2006/mfsa2006-05.html X_refsource_confirm
http://www.securityfocus.com/bid/16476 Vdb Entry
http://www.us-cert.gov/cas/techalerts/TA06-038A.html Third Party Advisory
http://www.vupen.com/english/advisories/2006/0413 Vdb Entry
http://www.vupen.com/english/advisories/2006/3391 Vdb Entry
http://www.vupen.com/english/advisories/2006/3749 Vdb Entry
https://bugzilla.mozilla.org/show_bug.cgi?id=319847 X_refsource_confirm
https://exchange.xforce.ibmcloud.com/vulnerabilities/24434 Vdb Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11803 Signature
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1493 Signature
URL Date SRC
URL Date SRC
URL Date SRC
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt 2018-10-19
ftp://patches.sgi.com/support/free/security/advisories/20060201-01-U 2018-10-19
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102550-1 2018-10-19
http://sunsolve.sun.com/search/document.do?assetkey=1-26-228526-1 2018-10-19
http://www.debian.org/security/2006/dsa-1044 2018-10-19
http://www.debian.org/security/2006/dsa-1046 2018-10-19
http://www.debian.org/security/2006/dsa-1051 2018-10-19
http://www.gentoo.org/security/en/glsa/glsa-200604-12.xml 2018-10-19
http://www.gentoo.org/security/en/glsa/glsa-200604-18.xml 2018-10-19
http://www.gentoo.org/security/en/glsa/glsa-200605-09.xml 2018-10-19
http://www.mandriva.com/security/advisories?name=MDKSA-2006:036 2018-10-19
http://www.mandriva.com/security/advisories?name=MDKSA-2006:037 2018-10-19
http://www.mandriva.com/security/advisories?name=MDKSA-2006:078 2018-10-19
http://www.novell.com/linux/security/advisories/2006_04_25.html 2018-10-19
http://www.redhat.com/archives/fedora-announce-list/2006-February/msg00005.html 2018-10-19
http://www.redhat.com/archives/fedora-announce-list/2006-February/msg00006.html 2018-10-19
http://www.redhat.com/support/errata/RHSA-2006-0199.html 2018-10-19
http://www.redhat.com/support/errata/RHSA-2006-0200.html 2018-10-19
http://www.redhat.com/support/errata/RHSA-2006-0330.html 2018-10-19
http://www.securityfocus.com/archive/1/425975/100/0/threaded 2018-10-19
http://www.securityfocus.com/archive/1/425978/100/0/threaded 2018-10-19
http://www.securityfocus.com/archive/1/438730/100/0/threaded 2018-10-19
http://www.securityfocus.com/archive/1/446657/100/200/threaded 2018-10-19
https://usn.ubuntu.com/271-1 2018-10-19
https://usn.ubuntu.com/275-1 2018-10-19
https://usn.ubuntu.com/276-1 2018-10-19
https://access.redhat.com/security/cve/CVE-2006-0296 2006-04-21
https://bugzilla.redhat.com/show_bug.cgi?id=1617880 2006-04-21
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Mozilla
Search vendor "Mozilla"
Firefox
Search vendor "Mozilla" for product "Firefox"
0.8
Search vendor "Mozilla" for product "Firefox" and version "0.8"
-
Affected
Mozilla
Search vendor "Mozilla"
Firefox
Search vendor "Mozilla" for product "Firefox"
0.9
Search vendor "Mozilla" for product "Firefox" and version "0.9"
-
Affected
Mozilla
Search vendor "Mozilla"
Firefox
Search vendor "Mozilla" for product "Firefox"
0.9
Search vendor "Mozilla" for product "Firefox" and version "0.9"
rc
Affected
Mozilla
Search vendor "Mozilla"
Firefox
Search vendor "Mozilla" for product "Firefox"
0.9.1
Search vendor "Mozilla" for product "Firefox" and version "0.9.1"
-
Affected
Mozilla
Search vendor "Mozilla"
Firefox
Search vendor "Mozilla" for product "Firefox"
0.9.2
Search vendor "Mozilla" for product "Firefox" and version "0.9.2"
-
Affected
Mozilla
Search vendor "Mozilla"
Firefox
Search vendor "Mozilla" for product "Firefox"
0.9.3
Search vendor "Mozilla" for product "Firefox" and version "0.9.3"
-
Affected
Mozilla
Search vendor "Mozilla"
Firefox
Search vendor "Mozilla" for product "Firefox"
0.10
Search vendor "Mozilla" for product "Firefox" and version "0.10"
-
Affected
Mozilla
Search vendor "Mozilla"
Firefox
Search vendor "Mozilla" for product "Firefox"
0.10.1
Search vendor "Mozilla" for product "Firefox" and version "0.10.1"
-
Affected
Mozilla
Search vendor "Mozilla"
Firefox
Search vendor "Mozilla" for product "Firefox"
1.0
Search vendor "Mozilla" for product "Firefox" and version "1.0"
-
Affected
Mozilla
Search vendor "Mozilla"
Firefox
Search vendor "Mozilla" for product "Firefox"
1.0.1
Search vendor "Mozilla" for product "Firefox" and version "1.0.1"
-
Affected
Mozilla
Search vendor "Mozilla"
Firefox
Search vendor "Mozilla" for product "Firefox"
1.0.2
Search vendor "Mozilla" for product "Firefox" and version "1.0.2"
-
Affected
Mozilla
Search vendor "Mozilla"
Firefox
Search vendor "Mozilla" for product "Firefox"
1.0.3
Search vendor "Mozilla" for product "Firefox" and version "1.0.3"
-
Affected
Mozilla
Search vendor "Mozilla"
Firefox
Search vendor "Mozilla" for product "Firefox"
1.0.4
Search vendor "Mozilla" for product "Firefox" and version "1.0.4"
-
Affected
Mozilla
Search vendor "Mozilla"
Firefox
Search vendor "Mozilla" for product "Firefox"
1.0.5
Search vendor "Mozilla" for product "Firefox" and version "1.0.5"
-
Affected
Mozilla
Search vendor "Mozilla"
Firefox
Search vendor "Mozilla" for product "Firefox"
1.0.6
Search vendor "Mozilla" for product "Firefox" and version "1.0.6"
-
Affected
Mozilla
Search vendor "Mozilla"
Firefox
Search vendor "Mozilla" for product "Firefox"
1.0.6
Search vendor "Mozilla" for product "Firefox" and version "1.0.6"
linux
Affected
Mozilla
Search vendor "Mozilla"
Firefox
Search vendor "Mozilla" for product "Firefox"
1.0.7
Search vendor "Mozilla" for product "Firefox" and version "1.0.7"
-
Affected
Mozilla
Search vendor "Mozilla"
Firefox
Search vendor "Mozilla" for product "Firefox"
1.5
Search vendor "Mozilla" for product "Firefox" and version "1.5"
-
Affected
Mozilla
Search vendor "Mozilla"
Firefox
Search vendor "Mozilla" for product "Firefox"
1.5
Search vendor "Mozilla" for product "Firefox" and version "1.5"
beta1
Affected
Mozilla
Search vendor "Mozilla"
Seamonkey
Search vendor "Mozilla" for product "Seamonkey"
1.0
Search vendor "Mozilla" for product "Seamonkey" and version "1.0"
alpha
Affected
Mozilla
Search vendor "Mozilla"
Seamonkey
Search vendor "Mozilla" for product "Seamonkey"
1.0
Search vendor "Mozilla" for product "Seamonkey" and version "1.0"
beta
Affected