PublicDate: 2006-02-01 02:02:00 UTC
Candidate: CVE-2006-0496
References: 
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0496
Description:
 Cross-site scripting (XSS) vulnerability in Mozilla 1.7.12 and possibly
 earlier, Mozilla Firefox 1.0.7 and possibly earlier, and Netscape 8.1 and
 possibly earlier, allows remote attackers to inject arbitrary web script or
 HTML via the -moz-binding (Cascading Style Sheets) CSS property, which does
 not require that the style sheet have the same origin as the web page, as
 demonstrated by the compromise of a large number of LiveJournal accounts.
Ubuntu-Description: 
Notes: 
Priority: untriaged
Discovered-by:
Assigned-to:
CVSS:

Bugs: 
upstream_firefox: needs-triage
dapper_firefox: ignored (only affected broken setups)
edgy_firefox: ignored (only affected broken setups)
feisty_firefox: ignored (only affected broken setups)
devel_firefox: ignored