Launchpad.net

CVE 2006-0296

The XULDocument.persist function in Mozilla, Firefox before 1.5.0.1, and SeaMonkey before 1.0 does not validate the attribute name, which allows remote attackers to execute arbitrary Javascript by injecting RDF data into the user's localstore.rdf file.

Related bugs and status

CVE-2006-0296 (Candidate) is related to these bugs:

Bug #30978: CVE-2006-0296 Localstore.rdf XML injection through XULDocument.persist()

Summary				In	Importance	Status
	30978	CVE-2006-0296 Localstore.rdf XML injection through XULDocument.persist()		firefox (Ubuntu)	Medium	Fix Released

Bug #41096: update to thunderbird 1.5.0.2

Summary				In	Importance	Status
	41096	update to thunderbird 1.5.0.2		mozilla-thunderbird (Ubuntu)	Critical	Fix Released

Bug #41120: Update to 1.0.8 for Warty-Breezy

		In	Importance	Status
41120	Update to 1.0.8 for Warty-Breezy	mozilla-thunderbird (Ubuntu)	High	Invalid
41120	Update to 1.0.8 for Warty-Breezy	mozilla-thunderbird (Ubuntu Hoary)	Wishlist	Fix Released
41120	Update to 1.0.8 for Warty-Breezy	mozilla-thunderbird (Ubuntu Warty)	Wishlist	Invalid
41120	Update to 1.0.8 for Warty-Breezy	mozilla-thunderbird (Ubuntu Breezy)	Medium	Fix Released
41120	Update to 1.0.8 for Warty-Breezy	Juniper Openstack	Medium	In Progress
41120	Update to 1.0.8 for Warty-Breezy	Juniper Openstack trunk	Medium	In Progress

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2006-0296

Related bugs and status

Related bugs

References