CVE-2006-0299

medium

Description

The E4X implementation in Mozilla Firefox before 1.5.0.1, Thunderbird 1.5 if running Javascript in mail, and SeaMonkey before 1.0 exposes the internal "AnyName" object to external interfaces, which allows multiple cooperating domains to exchange information in violation of the same origin restrictions.

References

http://secunia.com/advisories/18700

http://secunia.com/advisories/18704

http://secunia.com/advisories/22065

http://securitytracker.com/id?1015570

http://www.mozilla.org/security/announce/2006/mfsa2006-08.html

http://www.securityfocus.com/archive/1/446657/100/200/threaded

http://www.securityfocus.com/bid/16476

http://www.vupen.com/english/advisories/2006/0413

http://www.vupen.com/english/advisories/2006/3749

https://bugzilla.mozilla.org/show_bug.cgi?id=322312

https://exchange.xforce.ibmcloud.com/vulnerabilities/24437

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1625

Details

Source: MITRE

Published: 2006-02-02

Updated: 2018-10-19

Risk Information

CVSS v2

Base Score: 6.4

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N

Impact Score: 4.9

Exploitability Score: 10

Severity: MEDIUM