CVE-2006-0296

Source
https://nvd.nist.gov/vuln/detail/CVE-2006-0296
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2006-0296.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2006-0296
Downstream
Published
2006-02-02T20:06:00Z
Modified
2025-08-09T20:01:26Z
Summary
[none]
Details

The XULDocument.persist function in Mozilla, Firefox before 1.5.0.1, and SeaMonkey before 1.0 does not validate the attribute name, which allows remote attackers to execute arbitrary Javascript by injecting RDF data into the user's localstore.rdf file.

References

Affected packages