CVE-2006-0496

  1. Reconshell
  2. Vulnerabilities (CVE)
  3. CVE-2006-0496
Cross-site scripting (XSS) vulnerability in Mozilla 1.7.12 and possibly earlier, Mozilla Firefox 1.0.7 and possibly earlier, and Netscape 8.1 and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the -moz-binding (Cascading Style Sheets) CSS property, which does not require that the style sheet have the same origin as the web page, as demonstrated by the compromise of a large number of LiveJournal accounts.

4.3 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References
Link Resource
http://community.livejournal.com/lj_dev/708069.html
http://www.davidpashley.com/cgi/pyblosxom.cgi/computing/livejournal-mozilla-bug.html
https://bugzilla.mozilla.org/show_bug.cgi?id=324253
http://www.securityfocus.com/bid/16427 Exploit
http://www.osvdb.org/22924
http://securitytracker.com/id?1015553
http://securitytracker.com/id?1015563
http://www.vupen.com/english/advisories/2006/0403
http://marc.info/?l=full-disclosure&m=113847912709062&w=2
https://exchange.xforce.ibmcloud.com/vulnerabilities/24427
Advertisement

NeevaHost hosting service
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:mozilla:firefox:1.0.6:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.0.7:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:1.7.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:1.7.6:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:1.7:rc3:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.0.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:1.7.11:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:1.7.12:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:1.7:alpha:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:1.7:beta:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:1.7:rc1:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:1.7:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.0.4:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:1.7.7:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:1.7.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:1.7.10:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:1.7.8:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:1.7.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:1.7:rc2:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:1.7.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.0.5:*:*:*:*:*:*:*
Information

Published : 2006-01-31 18:02

Updated : 2017-07-19 18:29

NVD link : CVE-2006-0496

Mitre link : CVE-2006-0496

JSON object : View

CWE
NVD-CWE-Other
Advertisement

dedicated server usa
Products Affected

mozilla

  • firefox
  • mozilla