USN-296-2: Firefox vulnerabilities

USN-296-1 fixed several vulnerabilities in Firefox for the Ubuntu 6.06 LTS release. This update provides the corresponding fixes for Ubuntu 5.04 and Ubuntu 5.10. For reference, these are the details of the original USN: Jonas Sicking discovered that under some circumstances persisted XUL attribut...

CVE-2006-3539

CVE-2006-3539 relates to multiple cross-site scripting (XSS) vulnerabilities in the DKScript.com Dragon’s Kingdom Script 1.0. The issue arises from javascript: URIs in the SRC attribute of IMG elements across various user input fields and actions (including do=write, do=onlinechar, do=new, and ot...

CVE-2006-3023

CVE-2006-3023 describes multiple cross-site scripting (XSS) vulnerabilities in thumbnails.asp of the Uapplication Uphotogallery 1.1 (and earlier). The issue allows remote attackers to inject arbitrary web script or HTML via the (1) s and (2) block parameters. The public description confirms affec...

CVE-2006-0251

CVE-2006-0251 describes a Cross-site scripting (XSS) vulnerability in Faq-O-Matic 2.711, affecting fom.cgi. The flaw allows remote attackers to inject arbitrary web script or HTML via the (1) _duration, (2) file, and (3) cmd parameters. The connected documents reiterate the affected product and p...