CVE-2006-0299
Published: 2 February 2006
The E4X implementation in Mozilla Firefox before 1.5.0.1, Thunderbird 1.5 if running Javascript in mail, and SeaMonkey before 1.0 exposes the internal "AnyName" object to external interfaces, which allows multiple cooperating domains to exchange information in violation of the same origin restrictions.
Priority
Status
Package | Release | Status |
---|---|---|
firefox Launchpad, Ubuntu, Debian |
dapper |
Released
(1.5.dfsg+1.5.0.13~prepatch070731-0ubuntu1)
|
edgy |
Released
(2.0.0.6+0dfsg-0ubuntu0.6.10)
|
|
feisty |
Released
(2.0.0.6+1-0ubuntu1)
|
|
upstream |
Needs triage
|
|
firefox-granparadiso Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
edgy |
Does not exist
|
|
feisty |
Does not exist
|
|
upstream |
Needs triage
|
|
lightning-sunbird Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
edgy |
Does not exist
|
|
feisty |
Does not exist
|
|
upstream |
Needs triage
|
|
midbrowser Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
edgy |
Does not exist
|
|
feisty |
Does not exist
|
|
upstream |
Needs triage
|
|
mozilla-thunderbird Launchpad, Ubuntu, Debian |
dapper |
Released
(1.5.0.13-0ubuntu0.6.06)
|
edgy |
Released
(1.5.0.13-0ubuntu0.6.10)
|
|
feisty |
Released
(1.5.0.13-0ubuntu0.7.04)
|
|
upstream |
Needs triage
|