Lucene search
Mozilla FoundationMFSA2006-72HistoryDec 19, 2006 - 12:00 a.m.
XSS by setting img.src to javascript: URI — Mozilla
2006-12-1900:00:00
Mozilla Foundation
www.mozilla.org
14
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.156 Low
EPSS
Percentile
95.8%
moz_bug_r_a4 reported that the src attribute of an IMG element loaded in a frame could be changed to a javascript: URI that was able to bypass the protections against cross-site script (XSS) injection. The injected script could steal credentials and financial data, or perform destructive actions on behalf of a logged-in user.
Related
ubuntucve
ubuntucve
CVE-2006-6503
2006-12-20 00:00:00
debiancve
debiancve
CVE-2006-6503
2006-12-20 01:28:00
veracode
veracode
Cross-site Scripting (XSS)
2020-04-10 00:12:24
cve
cve
CVE-2006-6503
2006-12-20 01:28:00
securityvulns
securityvulns
Mozilla Foundation Security Advisory 2006-72
2006-12-20 00:00:00
cert
cert
nessus
nessus
Mandrake Linux Security Advisory : mozilla-firefox (MDKSA-2007:010)
2007-02-18 00:00:00
Oracle Linux 4 : firefox (ELSA-2006-0758)
2013-07-12 00:00:00
Fedora Core 5 : firefox-1.5.0.9-1.fc5 (2006-1499)
2007-01-17 00:00:00
oraclelinux
oraclelinux
Critical firefox security update
2006-12-20 00:00:00
Critical thunderbird security update
2006-12-20 00:00:00
Critical seamonkey security update
2006-12-20 00:00:00
fedora
fedora
[SECURITY] Fedora Core 5 Update: firefox-1.5.0.9-1.fc5
2006-12-22 20:21:55
[SECURITY] Fedora Core 6 Update: firefox-1.5.0.9-1.fc5
2006-12-21 22:02:27
[SECURITY] Fedora Core 5 Update: thunderbird-1.5.0.9-2.fc5
2007-01-02 20:23:31
openvas
openvas
Gentoo Security Advisory GLSA 200701-03 (mozilla-thunderbird)
2008-09-24 00:00:00
Mandriva Update for mozilla-thunderbird MDKSA-2007:011 (mozilla-thunderbird)
2009-04-09 00:00:00
Mandriva Update for mozilla-firefox MDKSA-2007:010 (mozilla-firefox)
2009-04-09 00:00:00
osv
osv
centos
centos
firefox security update
2006-12-23 11:43:06
seamonkey security update
2006-12-20 05:41:20
thunderbird security update
2006-12-23 11:43:30
redhat
redhat
(RHSA-2006:0758) Critical: firefox security update
2006-12-19 00:00:00
(RHSA-2006:0760) Critical: thunderbird security update
2006-12-19 00:00:00
(RHSA-2006:0759) Critical: seamonkey security update
2006-12-19 00:00:00
debian
debian
gentoo
gentoo
Mozilla Thunderbird: Multiple vulnerabilities
2007-01-04 00:00:00
SeaMonkey: Multiple vulnerabilities
2007-01-10 00:00:00
Mozilla Firefox: Multiple vulnerabilities
2007-01-04 00:00:00
ubuntu
ubuntu
Firefox regression
2007-01-27 00:00:00
Firefox vulnerabilities
2007-01-03 00:00:00
Thunderbird vulnerabilities
2007-01-05 00:00:00
suse
suse
remote code execution in MozillaFirefox,MozillaThunderbird
2006-12-29 15:41:46
remote denial of service in mozilla
2007-01-12 14:08:00
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.156 Low
EPSS
Percentile
95.8%
Related for MFSA2006-72