CVE-2006-0299

medium
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

The E4X implementation in Mozilla Firefox before 1.5.0.1, Thunderbird 1.5 if running Javascript in mail, and SeaMonkey before 1.0 exposes the internal "AnyName" object to external interfaces, which allows multiple cooperating domains to exchange information in violation of the same origin restrictions.

References

http://secunia.com/advisories/18700

http://secunia.com/advisories/18704

http://secunia.com/advisories/22065

http://securitytracker.com/id?1015570

http://www.mozilla.org/security/announce/2006/mfsa2006-08.html

http://www.securityfocus.com/archive/1/446657/100/200/threaded

http://www.securityfocus.com/bid/16476

http://www.vupen.com/english/advisories/2006/0413

http://www.vupen.com/english/advisories/2006/3749

https://bugzilla.mozilla.org/show_bug.cgi?id=322312

https://exchange.xforce.ibmcloud.com/vulnerabilities/24437

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1625

Details

Source: MITRE

Published: 2006-02-02

Updated: 2018-10-19

Risk Information

CVSS v2

Base Score: 6.4

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N

Impact Score: 4.9

Exploitability Score: 10

Severity: MEDIUM

Tenable Plugins

View all (18 total)

IDNameProductFamilySeverity
24403Solaris 9 (sparc) : 120671-08NessusSolaris Local Security Checks
critical
24395Solaris 8 (sparc) : 120671-08NessusSolaris Local Security Checks
critical
23773Solaris 9 (x86) : 120672-08NessusSolaris Local Security Checks
critical
23772Solaris 8 (x86) : 120672-08NessusSolaris Local Security Checks
critical
22987Solaris 10 (x86) : 119116-35 (deprecated)NessusSolaris Local Security Checks
critical
22954Solaris 10 (sparc) : 119115-36 (deprecated)NessusSolaris Local Security Checks
critical
20863SeaMonkey < 1.0 Multiple VulnerabilitiesNessusWindows
high
20842Firefox < 1.5.0.1 Multiple VulnerabilitiesNessusWindows
high
3405Mozilla Firefox < 1.5.0.1 Multiple VulnerabilitiesNessus Network MonitorWeb Clients
medium
3258Mozilla Thunderbird < 1.5 Multiple Vulnerabilities (deprecated)Nessus Network MonitorSMTP Clients
medium
3516SeaMonkey < 1.0.1 Multiple VulnerabilitiesNessus Network MonitorWeb Clients
medium
3514Mozilla Firefox < 1.7.13 Multiple VulnerabilitiesNessus Network MonitorWeb Clients
medium
3513Mozilla Thunderbird < 1.5.0.2 or 1.0.8 Multiple Vulnerabilities (deprecated)Nessus Network MonitorSMTP Clients
medium
3512Mozilla Firefox < 1.0.8 / 1.5.x < 1.5.0.2 Multiple VulnerabilitiesNessus Network MonitorWeb Clients
medium
801357Mozilla Thunderbird < 1.5.0.2 or 1.0.8 Multiple VulnerabilitiesLog Correlation EngineSMTP Clients
high
801243Mozilla Firefox < 1.5.0.1 Multiple VulnerabilitiesLog Correlation EngineWeb Clients
high
801226Mozilla Browser < 1.7.13 Multiple VulnerabilitiesLog Correlation EngineWeb Clients
high
801220Mozilla Firefox < 1.5.0.2 or 1.0.8 Multiple VulnerabilitiesLog Correlation EngineWeb Clients
high