New Search

Mozilla "AnyName" Entrainment and Access Control Hazard

oval:org.mitre.oval:def:1625

The E4X implementation in Mozilla Firefox before 1.5.0.1 Thunderbird 1.5 if running Javascript in mail and SeaMonkey before 1.0 exposes the internal "AnyName" object to external interfaces which allows multiple cooperating domains to exchange information in violation of the same origin restrictions.

Family:
windows
Status:
ACCEPTED
Platform(s):
  • Microsoft Windows NT
  • Microsoft Windows Server 2003
  • Microsoft Windows XP
  • Microsoft Windows 2000
Class:
vulnerability
Reference(s):
  • CVE-2006-0299
Product(s):
  • mozilla