CVE-2006-0296
EPSS 41.2%
Description
The XULDocument.persist function in Mozilla, Firefox before 1.5.0.1, and SeaMonkey before 1.0 does not validate the attribute name, which allows remote attackers to execute arbitrary JavaScript by injecting RDF data into the user's localstore.rdf file.
How to fix CVE-2006-0296
To remediate CVE-2006-0296, upgrade the affected package to the fixed version listed below.
- Debian/thunderbird—upgrade to 1.5.0.2-1 or later
Is CVE-2006-0296 being exploited?
Moderate — EPSS is 41.2%. Track this CVE, but it is not at the top of the prioritisation list.
Affected packages (1)
- Debian/thunderbird: from 0, < 1.5.0.2-1