New Search

The XULDocument.persist function in Mozilla Firefox before 1.5.0.1 and SeaMonkey before 1.0 does not validate the attribute name which allows remote attackers to execute arbitrary Javascript by injecting RDF data into the user's localstore.rdf file.

oval:org.mitre.oval:def:11803

The XULDocument.persist function in Mozilla Firefox before 1.5.0.1 and SeaMonkey before 1.0 does not validate the attribute name which allows remote attackers to execute arbitrary Javascript by injecting RDF data into the user's localstore.rdf file.

Family:
unix
Status:
ACCEPTED
Platform(s):
  • CentOS Linux 3
  • Red Hat Enterprise Linux 4
  • Oracle Linux 4
  • Red Hat Enterprise Linux 3
  • CentOS Linux 4
Class:
vulnerability
Reference(s):
  • CVE-2006-0296
Product(s):