CVE-2006-0296 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2006-0296 Interim 1 5 2024-09-09T01:31:28Z current 2021-05-30T12:34:47Z 2024-09-09T01:31:28Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2006-0296 The XULDocument.persist function in Mozilla, Firefox before 1.5.0.1, and SeaMonkey before 1.0 does not validate the attribute name, which allows remote attackers to execute arbitrary Javascript by injecting RDF data into the user's localstore.rdf file. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/X3YEJBX7PCPEXDVVJSDPHPYP2KMMKMZW/#X3YEJBX7PCPEXDVVJSDPHPYP2KMMKMZW E-Mail link for SUSE-SA:2006:022 https://www.suse.com/support/security/rating/ SUSE Security Ratings The XULDocument.persist function in Mozilla, Firefox before 1.5.0.1, and SeaMonkey before 1.0 does not validate the attribute name, which allows remote attackers to execute arbitrary Javascript by injecting RDF data into the user's localstore.rdf file. CVE-2006-0296 moderate 5 AV:N/AC:L/Au:N/C:N/I:P/A:N