New Search

The XULDocument.persist function in Mozilla Firefox before 1.5.0.1 and SeaMonkey before 1.0 does not validate the attribute name which allows remote attackers to execute arbitrary Javascript by injecting RDF data into the user's localstore.rdf file.

oval:org.mitre.oval:def:11803

The XULDocument.persist function in Mozilla Firefox before 1.5.0.1 and SeaMonkey before 1.0 does not validate the attribute name which allows remote attackers to execute arbitrary Javascript by injecting RDF data into the user's localstore.rdf file.

Family:
unix
Status:
ACCEPTED
Platform(s):
  • Red Hat Enterprise Linux 3
  • Red Hat Enterprise Linux 4
  • CentOS Linux 4
  • CentOS Linux 3
  • Oracle Linux 4
Class:
vulnerability
Reference(s):
  • CVE-2006-0296
Product(s):