CVE-2006-0296 (retired)

Priority
Description
The XULDocument.persist function in Mozilla, Firefox before 1.5.0.1, and
SeaMonkey before 1.0 does not validate the attribute name, which allows
remote attackers to execute arbitrary Javascript by injecting RDF data into
the user's localstore.rdf file.
Package
Upstream:needs-triage
Package
Upstream:needs-triage
Package
Upstream:needs-triage
Package
Upstream:needs-triage
Package
Upstream:needs-triage
More Information

Updated: 2019-08-23 08:08:05 UTC (commit 436fd4ed4cf0038ddd382cb8649607ace163dda7)