{"vuid":"VU#405092","idnumber":"405092","name":"Mozilla products allows the src attribute in an img element to be changed to a JavaScript URI","keywords":["Mozilla","cross-site scripting","xss","src attribute","img element","JavaScript","URI","mozilla_20061219"],"overview":"Mozilla products contain a cross-site scripting vulnerability due to a vulnerability in the way IMG elements are loaded.","clean_desc":"A vulnerability in the way Mozilla products load IMG elements in a frame may cause a cross-site script injection. According to Mozilla Foundation Security Advisory 2006-72: ... the src attribute of an IMG element loaded in a frame could be changed to a javascript: URI that was able to bypass the protections against cross-site script (XSS) injection. The injected script could steal credentials and financial data, or perform destructive actions on behalf of a logged-in user.","impact":"By convincing a victim to view an HTML document (web page), an attacker could evaluate script in a different security domain than the one containing the attacker's document. The attacker could read or modify data in other web sites (read cookies/content, modify/create content, etc.). If the script is evaluated with chrome privileges, an attacker could execute arbitrary commands on the user's system.","resolution":"Apply an update\nAccording to the Mozilla Foundation Security Advisory 2006-72, this vulnerability is addressed in Firefox 2.0.0.1, Firefox 1.5.0.9, Thunderbird 1.5.0.9, and SeaMonkey 1.0.7.","workarounds":"Disable JavaScript\nFor instructions on how to disable JavaScript in Firefox, please refer to the Firefox section of the Securing Your Web Browser document.","sysaffected":"","thanks":"This vulnerability was reported in Mozilla Foundation Security Advisory 2006-72. Mozilla credits moz_bug_r_a4 with providing information about this issue.","author":"This document was written by Chris Taschner.","public":["http://www.mozilla.org/security/announce/2006/mfsa2006-72.html","https://bugzilla.mozilla.org/show_bug.cgi?id=351370","http://secunia.com/advisories/23591/","http://secunia.com/advisories/23598/","http://secunia.com/advisories/23439/","http://secunia.com/advisories/23545/","http://secunia.com/advisories/23601/","http://secunia.com/advisories/23614/","http://secunia.com/advisories/23618/","http://secunia.com/advisories/23692/","http://www.securityfocus.com/bid/21668","http://secunia.com/advisories/23988/"],"cveids":["CVE-2006-6503"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2006-12-20T20:42:14Z","publicdate":"2006-12-19T00:00:00Z","datefirstpublished":"2007-01-18T16:24:21Z","dateupdated":"2007-03-05T18:14:43Z","revision":30,"vrda_d1_directreport":"0","vrda_d1_population":"3","vrda_d1_impact":"3","cam_widelyknown":"15","cam_exploitation":"0","cam_internetinfrastructure":"4","cam_population":"15","cam_impact":"8","cam_easeofexploitation":"12","cam_attackeraccessrequired":"20","cam_scorecurrent":"10.26","cam_scorecurrentwidelyknown":"12.96","cam_scorecurrentwidelyknownexploited":"23.76","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":10.26,"vulnote":null}