Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2006-0299

The E4X implementation in Mozilla Firefox before 1.5.0.1, Thunderbird 1.5 if running Javascript in mail, and SeaMonkey before 1.0 exposes the internal "AnyName" object to external interfaces, which allows multiple cooperating domains to exchange information in violation of the same origin restrictions.

Related bugs and status

CVE-2006-0299 (Candidate) is related to these bugs:

Bug #41096: update to thunderbird 1.5.0.2

Summary				In	Importance	Status
	41096	update to thunderbird 1.5.0.2		mozilla-thunderbird (Ubuntu)	Critical	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: https://bugzilla.mozil...
BID: 16476
SECUNIA: 18700
SECUNIA: 18704
SECTRACK: 1015570
CONFIRM: http://www.mozilla.org...
SECUNIA: 22065
VUPEN: ADV-2006-0413
VUPEN: ADV-2006-3749
XF: mozilla-e4x-security-b...
OVAL: oval:org.mitre.oval:de...
HP: HPSBUX02156
HP: SSRT061236