CVE-2006-0299
First published: Thu Feb 02 2006(Updated: )
The E4X implementation in Mozilla Firefox before 1.5.0.1, Thunderbird 1.5 if running Javascript in mail, and SeaMonkey before 1.0 exposes the internal "AnyName" object to external interfaces, which allows multiple cooperating domains to exchange information in violation of the same origin restrictions.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mozilla SeaMonkey | =1.0-beta | |
| Firefox | =1.5-beta1 | |
| Firefox | =1.5 | |
| Mozilla SeaMonkey | =1.0 | |
| Thunderbird | =1.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.mozilla.org/show_bug.cgi?id=322312
- http://www.securityfocus.com/bid/16476
- http://secunia.com/advisories/18700
- http://secunia.com/advisories/18704
- http://securitytracker.com/id?1015570
- http://www.mozilla.org/security/announce/2006/mfsa2006-08.html
- http://secunia.com/advisories/22065
- http://www.vupen.com/english/advisories/2006/3749
- http://www.vupen.com/english/advisories/2006/0413
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24437
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1625
- http://www.securityfocus.com/archive/1/446657/100/200/threaded
Frequently Asked Questions
What is the severity of CVE-2006-0299?
CVE-2006-0299 is classified as a moderate severity vulnerability due to potential information leakage between cooperating domains.
How do I fix CVE-2006-0299?
To mitigate CVE-2006-0299, upgrade to Mozilla Firefox version 1.5.0.1 or later, Thunderbird 1.5, or SeaMonkey 1.0 or later.
Which versions of Mozilla software are affected by CVE-2006-0299?
CVE-2006-0299 affects Mozilla Firefox versions before 1.5.0.1, Thunderbird 1.5 when running Javascript in mail, and SeaMonkey before version 1.0.
What type of attack does CVE-2006-0299 facilitate?
CVE-2006-0299 can facilitate cross-domain information exchange attacks, violating the same origin policy.
Is CVE-2006-0299 present in beta versions of Mozilla products?
Yes, CVE-2006-0299 is present in the beta versions of Mozilla Firefox 1.5 and SeaMonkey 1.0.
- agent/references
- agent/type
- agent/author
- agent/severity
- agent/weakness
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/first-publish-date
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/mozilla
- canonical/mozilla seamonkey
- version/mozilla seamonkey/1.0-beta
- canonical/firefox
- version/firefox/1.5-beta1
- version/firefox/1.5
- version/mozilla seamonkey/1.0
- canonical/thunderbird
- version/thunderbird/1.5