Intrusion Prevention

Mozilla.Browsers.CSS.Moz-binding.XSS

Description

This indicates a possible exploit of a cross-site scripting (XSS) vulnerability in Mozilla.
This flaw is due to an origin validation error when processing certain CSS (Cascading Style Sheets) and HTML documents, containing a specially crafted "-moz-binding" property used in conjunction with the extensible binding language (XBL).

Affected Products

Mozilla Firefox 1.5 beta 2
Mozilla Firefox 1.5 beta 1
Mozilla Firefox 1.5
Mozilla Firefox 1.0.7
Mozilla Firefox 1.0.6
Mozilla Firefox 1.0.5
Mozilla Firefox 1.0.5
Mozilla Firefox 1.0.4
Mozilla Firefox 1.0.3
Mozilla Firefox 1.0.2
Mozilla Firefox 1.0.1
Mozilla Firefox 1.0

Impact

System compromise.

Recommended Actions

Mozilla Firefox Download Web page, Firefox - Rediscover the web at http://www.mozilla.org/products/firefox/.
Mozilla Suite Web page, Mozilla Suite- The All-in-One Internet Application Suite at http://www.mozilla.org/products/mozilla1.x/.

CVE References

CVE-2006-0496