The XULDocument.persist function in Mozilla, Firefox prior to 1.5.0.1, and SeaMonkey prior to 1.0 does not validate the attribute name, which allows remote malicious users to execute arbitrary Javascript by injecting RDF data into the user's localstore.rdf file.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mozilla firefox 0.8 |
||
mozilla firefox 0.9 |
||
mozilla firefox 1.0.2 |
||
mozilla firefox 1.0.3 |
||
mozilla firefox 1.5 |
||
mozilla seamonkey 1.0 |
||
mozilla firefox 0.9.3 |
||
mozilla firefox 1.0.6 |
||
mozilla firefox 0.9.1 |
||
mozilla firefox 0.9.2 |
||
mozilla firefox 1.0.4 |
||
mozilla firefox 1.0.5 |
||
mozilla firefox 0.10 |
||
mozilla firefox 0.10.1 |
||
mozilla firefox 1.0 |
||
mozilla firefox 1.0.1 |
||
mozilla firefox 1.0.7 |