Vulnerability Description
The E4X implementation in Mozilla Firefox before 1.5.0.1, Thunderbird 1.5 if running Javascript in mail, and SeaMonkey before 1.0 exposes the internal "AnyName" object to external interfaces, which allows multiple cooperating domains to exchange information in violation of the same origin restrictions.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mozilla | Firefox | 1.5 |
| Mozilla | Seamonkey | 1.0 |
| Mozilla | Thunderbird | 1.5 |
References
- http://secunia.com/advisories/18700
- http://secunia.com/advisories/18704
- http://secunia.com/advisories/22065
- http://securitytracker.com/id?1015570
- http://www.mozilla.org/security/announce/2006/mfsa2006-08.html
- http://www.securityfocus.com/archive/1/446657/100/200/threaded
- http://www.securityfocus.com/bid/16476
- http://www.vupen.com/english/advisories/2006/0413
- http://www.vupen.com/english/advisories/2006/3749
- https://bugzilla.mozilla.org/show_bug.cgi?id=322312
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24437
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
- http://secunia.com/advisories/18700
- http://secunia.com/advisories/18704
- http://secunia.com/advisories/22065
FAQ
What is CVE-2006-0299?
CVE-2006-0299 is a vulnerability with a CVSS score of 6.4 (MEDIUM). The E4X implementation in Mozilla Firefox before 1.5.0.1, Thunderbird 1.5 if running Javascript in mail, and SeaMonkey before 1.0 exposes the internal "AnyName" object to external interfaces, which al...
How severe is CVE-2006-0299?
CVE-2006-0299 has been rated MEDIUM with a CVSS base score of 6.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-0299?
Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Firefox, Mozilla Seamonkey, Mozilla Thunderbird.