New Search

Mozilla "AnyName" Entrainment and Access Control Hazard

oval:org.mitre.oval:def:1625

The E4X implementation in Mozilla Firefox before 1.5.0.1 Thunderbird 1.5 if running Javascript in mail and SeaMonkey before 1.0 exposes the internal "AnyName" object to external interfaces which allows multiple cooperating domains to exchange information in violation of the same origin restrictions.

Family:
windows
Status:
ACCEPTED
Platform(s):
  • Microsoft Windows NT
  • Microsoft Windows XP
  • Microsoft Windows 2000
  • Microsoft Windows Server 2003
Class:
vulnerability
Reference(s):
  • CVE-2006-0299
Product(s):
  • mozilla