CVE-2005-0588

Publication date 2 May 2005

Last updated 24 July 2024

Ubuntu priority

Firefox before 1.0.1 and Mozilla before 1.7.6 does not restrict xsl:include and xsl:import tags in XSLT stylesheets to the current domain, which allows remote attackers to determine the existence of files on the local system.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
mozilla	7.04 feisty	Not in release
	6.10 edgy	Fixed 1.7.12-1.1ubuntu2
	6.06 LTS dapper	Fixed 1.7.12-1.1ubuntu2

How can I get the fixes?
What do statuses mean?

References

MITRE
NVD
Launchpad
Debian

Related Ubuntu Security Notices (USN)

USN-149-3
Ubuntu 4.10 update for Firefox vulnerabilities
28 July 2005

Other references

https://www.cve.org/CVERecord?id=CVE-2005-0588