CVE-2006-0299

Name of the Vulnerable Software and Affected Versions Mozilla Firefox versions prior to 1.5.0.1 Thunderbird version 1.5 SeaMonkey versions prior to 1.0

Description The E4X implementation exposes the internal AnyName object to external interfaces, allowing multiple cooperating domains to exchange information in violation of the same origin restrictions.

Recommendations For Mozilla Firefox versions prior to 1.5.0.1, update to version 1.5.0.1 or later. For Thunderbird version 1.5, consider disabling Javascript in mail as a temporary workaround until a patch is available. For SeaMonkey versions prior to 1.0, update to version 1.0 or later.