Published: 02/02/2006 Updated: 19/10/2018

CVSS v2 Base Score: 6.4 | Impact Score: 4.9 | Exploitability Score: 10

VMScore: 680

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N

The E4X implementation in Mozilla Firefox prior to 1.5.0.1, Thunderbird 1.5 if running Javascript in mail, and SeaMonkey prior to 1.0 exposes the internal "AnyName" object to external interfaces, which allows multiple cooperating domains to exchange information in violation of the same origin restrictions.

Vulnerable Product	Search on Vulmon	Subscribe to Product
mozilla firefox 1.5
mozilla seamonkey 1.0
mozilla thunderbird 1.5

Mozilla Foundation Security Advisory 2006-08 "AnyName" entrainment and access control hazard Announced February 1, 2006 Reporter Brendan Eich Impact Low Products Firefox, SeaMonkey, Thunderbird Fixed in ...

NVD-CWE-Other https://bugzilla.mozilla.org/show_bug.cgi?id=322312 http://www.securityfocus.com/bid/16476 http://secunia.com/advisories/18700 http://secunia.com/advisories/18704 http://securitytracker.com/id?1015570 http://www.mozilla.org/security/announce/2006/mfsa2006-08.html http://secunia.com/advisories/22065 http://www.vupen.com/english/advisories/2006/3749 http://www.vupen.com/english/advisories/2006/0413 https://exchange.xforce.ibmcloud.com/vulnerabilities/24437 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1625 http://www.securityfocus.com/archive/1/446657/100/200/threaded https://nvd.nist.gov https://www.mozilla.org/en-US/security/advisories/mfsa2006-08/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2006-0299

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect