CVE-2006-6503

Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to bypass cross-site scripting (XSS) protection by changing the src attribute of an IMG element to a javascript: URI.

🔗 References (106)

• secalert@redhatftp://patches.sgi.com/support/free/security/advisories/20061202-01-P.asc
• secalert@redhathttp://fedoranews.org/cms/node/2297
• secalert@redhathttp://fedoranews.org/cms/node/2338
• secalert@redhathttp://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
• secalert@redhathttp://rhn.redhat.com/errata/RHSA-2006-0758.html
• secalert@redhathttp://rhn.redhat.com/errata/RHSA-2006-0759.html
• secalert@redhathttp://rhn.redhat.com/errata/RHSA-2006-0760.html
• secalert@redhathttp://secunia.com/advisories/23282
• secalert@redhathttp://secunia.com/advisories/23420
• secalert@redhathttp://secunia.com/advisories/23422
• secalert@redhathttp://secunia.com/advisories/23433
• secalert@redhathttp://secunia.com/advisories/23439
• secalert@redhathttp://secunia.com/advisories/23440
• secalert@redhathttp://secunia.com/advisories/23468
• secalert@redhathttp://secunia.com/advisories/23514