PT-2006-1373 · Mozilla · Firefox+2

Brendan

Published

2006-02-02

Updated

2018-10-19

CVE-2006-0299

CVSS v2.0

6.4

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions Mozilla Firefox versions prior to 1.5.0.1 Thunderbird version 1.5 SeaMonkey versions prior to 1.0

Description The E4X implementation exposes the internal AnyName object to external interfaces, allowing multiple cooperating domains to exchange information in violation of the same origin restrictions.

Recommendations For Mozilla Firefox versions prior to 1.5.0.1, update to version 1.5.0.1 or later. For Thunderbird version 1.5, consider disabling Javascript in mail as a temporary workaround until a patch is available. For SeaMonkey versions prior to 1.0, update to version 1.0 or later.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2006-0299

Affected Products

Firefox

Seamonkey

Thunderbird

PT-2006-1373 · Mozilla · Firefox+2

CVE-2006-0299

Related Identifiers

Affected Products

References · 16