Rapid7 Vulnerability & Exploit Database

MFSA2006-05 SeaMonkey: Localstore.rdf XML injection through XULDocument.persist() (CVE-2006-0296)

Free InsightVM Trial No credit card necessary

Watch Demo See how it all works

Back to Search

MFSA2006-05 SeaMonkey: Localstore.rdf XML injection through XULDocument.persist() (CVE-2006-0296)

Severity

CVSS

(AV:N/AC:L/Au:N/C:N/I:P/A:N)

Published

02/02/2006

Created

07/25/2018

Added

11/21/2013

Modified

10/05/2018

Description

The XULDocument.persist function in Mozilla, Firefox before 1.5.0.1, and SeaMonkey before 1.0 does not validate the attribute name, which allows remote attackers to execute arbitrary Javascript by injecting RDF data into the user's localstore.rdf file.

Solution(s)

mozilla-seamonkey-upgrade-1_0_0

References

https://attackerkb.com/topics/cve-2006-0296
16476
TA06-038A
592425
CVE - 2006-0296
DSA-1044
DSA-1046
DSA-1051
OVAL11803
OVAL1493
RHSA-2006:0199
RHSA-2006:0200
RHSA-2006:0330
20060201-01-U
SUSE-SA:2006:022
http://www.mozilla.org/security/announce/2006/mfsa2006-05.html
24434

Advanced vulnerability management analytics and reporting.

Key Features

Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;

Rapid7 Vulnerability & Exploit Database

MFSA2006-05 SeaMonkey: Localstore.rdf XML injection through XULDocument.persist() (CVE-2006-0296)

MFSA2006-05 SeaMonkey: Localstore.rdf XML injection through XULDocument.persist() (CVE-2006-0296)

Description

Solution(s)

References

Success! Thank you for submission. We will be in touch shortly.

Oops! There was a problem in submission. Please try again.

Submit your information and we will get in touch with you.