cve-2006-0496
Vulnerability from cvelistv5
Published
2006-02-01 02:00
Modified
2024-08-07 16:34
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Mozilla 1.7.12 and possibly earlier, Mozilla Firefox 1.0.7 and possibly earlier, and Netscape 8.1 and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the -moz-binding (Cascading Style Sheets) CSS property, which does not require that the style sheet have the same origin as the web page, as demonstrated by the compromise of a large number of LiveJournal accounts.
References
cve@mitre.orghttp://community.livejournal.com/lj_dev/708069.html
cve@mitre.orghttp://marc.info/?l=full-disclosure&m=113847912709062&w=2
cve@mitre.orghttp://securitytracker.com/id?1015553
cve@mitre.orghttp://securitytracker.com/id?1015563
cve@mitre.orghttp://www.davidpashley.com/cgi/pyblosxom.cgi/computing/livejournal-mozilla-bug.html
cve@mitre.orghttp://www.osvdb.org/22924
cve@mitre.orghttp://www.securityfocus.com/bid/16427Exploit
cve@mitre.orghttp://www.vupen.com/english/advisories/2006/0403
cve@mitre.orghttps://bugzilla.mozilla.org/show_bug.cgi?id=324253
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/24427
af854a3a-2127-422b-91ae-364da2661108http://community.livejournal.com/lj_dev/708069.html
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=full-disclosure&m=113847912709062&w=2
af854a3a-2127-422b-91ae-364da2661108http://securitytracker.com/id?1015553
af854a3a-2127-422b-91ae-364da2661108http://securitytracker.com/id?1015563
af854a3a-2127-422b-91ae-364da2661108http://www.davidpashley.com/cgi/pyblosxom.cgi/computing/livejournal-mozilla-bug.html
af854a3a-2127-422b-91ae-364da2661108http://www.osvdb.org/22924
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/16427Exploit
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2006/0403
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.mozilla.org/show_bug.cgi?id=324253
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/24427
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T16:34:14.832Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.davidpashley.com/cgi/pyblosxom.cgi/computing/livejournal-mozilla-bug.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=324253"
          },
          {
            "name": "1015563",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1015563"
          },
          {
            "name": "mozilla-mozbinding-xss(24427)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24427"
          },
          {
            "name": "ADV-2006-0403",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/0403"
          },
          {
            "name": "16427",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/16427"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://community.livejournal.com/lj_dev/708069.html"
          },
          {
            "name": "1015553",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1015553"
          },
          {
            "name": "20060128 -moz-binding CSS property: more XSS fun",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=full-disclosure\u0026m=113847912709062\u0026w=2"
          },
          {
            "name": "22924",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/22924"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-01-19T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in Mozilla 1.7.12 and possibly earlier, Mozilla Firefox 1.0.7 and possibly earlier, and Netscape 8.1 and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the -moz-binding (Cascading Style Sheets) CSS property, which does not require that the style sheet have the same origin as the web page, as demonstrated by the compromise of a large number of LiveJournal accounts."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-19T15:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.davidpashley.com/cgi/pyblosxom.cgi/computing/livejournal-mozilla-bug.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=324253"
        },
        {
          "name": "1015563",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1015563"
        },
        {
          "name": "mozilla-mozbinding-xss(24427)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24427"
        },
        {
          "name": "ADV-2006-0403",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/0403"
        },
        {
          "name": "16427",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/16427"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://community.livejournal.com/lj_dev/708069.html"
        },
        {
          "name": "1015553",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1015553"
        },
        {
          "name": "20060128 -moz-binding CSS property: more XSS fun",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://marc.info/?l=full-disclosure\u0026m=113847912709062\u0026w=2"
        },
        {
          "name": "22924",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/22924"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-0496",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in Mozilla 1.7.12 and possibly earlier, Mozilla Firefox 1.0.7 and possibly earlier, and Netscape 8.1 and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the -moz-binding (Cascading Style Sheets) CSS property, which does not require that the style sheet have the same origin as the web page, as demonstrated by the compromise of a large number of LiveJournal accounts."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.davidpashley.com/cgi/pyblosxom.cgi/computing/livejournal-mozilla-bug.html",
              "refsource": "MISC",
              "url": "http://www.davidpashley.com/cgi/pyblosxom.cgi/computing/livejournal-mozilla-bug.html"
            },
            {
              "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=324253",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=324253"
            },
            {
              "name": "1015563",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1015563"
            },
            {
              "name": "mozilla-mozbinding-xss(24427)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24427"
            },
            {
              "name": "ADV-2006-0403",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/0403"
            },
            {
              "name": "16427",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/16427"
            },
            {
              "name": "http://community.livejournal.com/lj_dev/708069.html",
              "refsource": "MISC",
              "url": "http://community.livejournal.com/lj_dev/708069.html"
            },
            {
              "name": "1015553",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1015553"
            },
            {
              "name": "20060128 -moz-binding CSS property: more XSS fun",
              "refsource": "FULLDISC",
              "url": "http://marc.info/?l=full-disclosure\u0026m=113847912709062\u0026w=2"
            },
            {
              "name": "22924",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/22924"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-0496",
    "datePublished": "2006-02-01T02:00:00",
    "dateReserved": "2006-01-31T00:00:00",
    "dateUpdated": "2024-08-07T16:34:14.832Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2006-0496\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2006-02-01T02:02:00.000\",\"lastModified\":\"2024-11-21T00:06:35.880\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Cross-site scripting (XSS) vulnerability in Mozilla 1.7.12 and possibly earlier, Mozilla Firefox 1.0.7 and possibly earlier, and Netscape 8.1 and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the -moz-binding (Cascading Style Sheets) CSS property, which does not require that the style sheet have the same origin as the web page, as demonstrated by the compromise of a large number of LiveJournal accounts.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de XSS en Mozilla 1.7.12 y posiblemente versiones anteriores, Mozilla Firefox 1.0.7 y posiblemente versiones anteriores y Netscape 8.1 y posiblemente versiones anteriores, permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de propiedad CSS (Cascading Style Sheets) -moz-binding, lo que no requiere que la hoja de estilos tenga el mismo origen que la p\u00e1gina web, como es demostrado por el compromiso de un gran n\u00famero de cuentas de LiveJournal.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5A545A77-2198-4685-A87F-E0F2DAECECF6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:1.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"778FAE0C-A5CF-4B67-93A9-1A803E3E699F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:1.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E7447185-7509-449D-8907-F30A42CF7EB5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:1.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0EDBAC37-9D08-44D1-B279-BC6ACF126CAF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:1.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3FFF89FA-2020-43CC-BACD-D66117B3DD26\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:1.0.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"834BB391-5EB5-43A8-980A-D305EDAE6FA7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:1.0.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9A38AD88-BAA6-4FBE-885B-69E951BD1EFE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:1.0.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B500EE6C-99DB-49A3-A1F1-AFFD7FE28068\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:mozilla:1.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FCEAEDEB-0EE7-4221-B9B8-65438580D331\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:mozilla:1.7:alpha:*:*:*:*:*:*\",\"matchCriteriaId\":\"78A75EE3-DC19-4F21-86F4-834FCEAFEFA2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:mozilla:1.7:beta:*:*:*:*:*:*\",\"matchCriteriaId\":\"F610FFD5-DF37-4075-AE8B-8D89DF6205A8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:mozilla:1.7:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"D093FD25-94C8-49B8-A452-438023BFB105\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:mozilla:1.7:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"3346E7D0-D7EF-4182-BD86-837F14EEB9FA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:mozilla:1.7:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"150F1B28-0FAB-4880-B1D5-7F244A1C4D31\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:mozilla:1.7.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2FE7EA3B-3BF8-4696-9488-78506074D62D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:mozilla:1.7.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CCFD7AF7-0FE9-4F56-98B0-60FC7F7F1B78\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:mozilla:1.7.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C883B45F-D28D-428E-AAF7-F93522A229DC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:mozilla:1.7.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EFA659B9-2A00-45A6-A462-4E0A20FB7F81\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:mozilla:1.7.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AFC06EBA-A836-4817-AEF6-EAC4BEDDF3CB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:mozilla:1.7.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D48957B0-BD47-4186-ACD7-0B9E7DB39B38\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:mozilla:1.7.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E748A943-8A1E-4657-826C-EBE013E04864\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:mozilla:1.7.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"655FA37C-DA33-4195-AEAF-5A5D40C5C245\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:mozilla:1.7.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EDD5B652-8474-4C00-9CDD-62B499045932\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:mozilla:1.7.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2BD8D89-4936-402C-973D-5F4B071806D5\"}]}]}],\"references\":[{\"url\":\"http://community.livejournal.com/lj_dev/708069.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://marc.info/?l=full-disclosure\u0026m=113847912709062\u0026w=2\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://securitytracker.com/id?1015553\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://securitytracker.com/id?1015563\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.davidpashley.com/cgi/pyblosxom.cgi/computing/livejournal-mozilla-bug.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.osvdb.org/22924\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/16427\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.vupen.com/english/advisories/2006/0403\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://bugzilla.mozilla.org/show_bug.cgi?id=324253\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/24427\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://community.livejournal.com/lj_dev/708069.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://marc.info/?l=full-disclosure\u0026m=113847912709062\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://securitytracker.com/id?1015553\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://securitytracker.com/id?1015563\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.davidpashley.com/cgi/pyblosxom.cgi/computing/livejournal-mozilla-bug.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.osvdb.org/22924\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/16427\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.vupen.com/english/advisories/2006/0403\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://bugzilla.mozilla.org/show_bug.cgi?id=324253\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/24427\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.