CVE-2006-0299
Published: 2 February 2006
The E4X implementation in Mozilla Firefox before 1.5.0.1, Thunderbird 1.5 if running Javascript in mail, and SeaMonkey before 1.0 exposes the internal "AnyName" object to external interfaces, which allows multiple cooperating domains to exchange information in violation of the same origin restrictions.
Priority
Status
Package | Release | Status |
---|---|---|
midbrowser Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
edgy |
Does not exist
|
|
feisty |
Does not exist
|
|
upstream |
Needs triage
|
|
gutsy |
Released
(0.1.6b-0ubuntu2)
|
|
mozilla-thunderbird Launchpad, Ubuntu, Debian |
dapper |
Released
(1.5.0.13-0ubuntu0.6.06)
|
edgy |
Released
(1.5.0.13-0ubuntu0.6.10)
|
|
feisty |
Released
(1.5.0.13-0ubuntu0.7.04)
|
|
upstream |
Needs triage
|
|
gutsy |
Does not exist
|
|
firefox-granparadiso Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
edgy |
Does not exist
|
|
feisty |
Does not exist
|
|
upstream |
Needs triage
|
|
gutsy |
Released
(3.0~alpha7-0ubuntu6)
|
|
firefox Launchpad, Ubuntu, Debian |
dapper |
Released
(1.5.dfsg+1.5.0.13~prepatch070731-0ubuntu1)
|
edgy |
Released
(2.0.0.6+0dfsg-0ubuntu0.6.10)
|
|
feisty |
Released
(2.0.0.6+1-0ubuntu1)
|
|
upstream |
Needs triage
|
|
lightning-sunbird Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
edgy |
Does not exist
|
|
feisty |
Does not exist
|
|
upstream |
Needs triage
|
|
gutsy |
Released
(0.5-0ubuntu4)
|