Vulnerability Details : CVE-2006-0299
The E4X implementation in Mozilla Firefox before 1.5.0.1, Thunderbird 1.5 if running Javascript in mail, and SeaMonkey before 1.0 exposes the internal "AnyName" object to external interfaces, which allows multiple cooperating domains to exchange information in violation of the same origin restrictions.
Products affected by CVE-2006-0299
- cpe:2.3:a:mozilla:firefox:1.5:beta1:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:1.5:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0:beta:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0:*:alpha:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2006-0299
16.96%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 95 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2006-0299
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.4
|
MEDIUM | AV:N/AC:L/Au:N/C:P/I:P/A:N |
10.0
|
4.9
|
NIST |
References for CVE-2006-0299
-
https://bugzilla.mozilla.org/show_bug.cgi?id=322312
322312 - CVE-2006-0299 * ("AnyName") entrainment and (given future chrome use of e4x) access control hazard
-
http://www.mozilla.org/security/announce/2006/mfsa2006-08.html
"AnyName" entrainment and access control hazard — Mozilla
-
http://www.vupen.com/english/advisories/2006/3749
Site en construction
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1625
404 Not Found
-
http://www.securityfocus.com/bid/16476
Multiple Mozilla Products Memory Corruption/Code Injection/Access Restriction Bypass Vulnerabilities
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/24437
Multiple Mozilla products E4X "AnyName" object security bypass CVE-2006-0299 Vulnerability Report
-
http://www.vupen.com/english/advisories/2006/0413
Site en construction
-
http://www.securityfocus.com/archive/1/446657/100/200/threaded
-
http://securitytracker.com/id?1015570
GoDaddy Domain Name Search
Jump to