CVE-2005-0588

Published: Feb 28, 2005

Modified: Aug 7, 2024

PUBLISHED

Description

Firefox before 1.0.1 and Mozilla before 1.7.6 does not restrict xsl:include and xsl:import tags in XSLT stylesheets to the current domain, which allows remote attackers to determine the existence of files on the local system.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

12659

vdb-entry

x_refsource_BID

oval:org.mitre.oval:def:10682

vdb-entry

signature

x_refsource_OVAL

RHSA-2005:176

vendor-advisory

x_refsource_REDHAT

http://www.mozilla.org/security/announce/mfsa2005-20.html

x_refsource_CONFIRM

RHSA-2005:384

vendor-advisory

x_refsource_REDHAT

GLSA-200503-30

vendor-advisory

x_refsource_GENTOO

oval:org.mitre.oval:def:100038

vdb-entry

signature

x_refsource_OVAL

https://bugzilla.mozilla.org/show_bug.cgi?id=271209

x_refsource_CONFIRM

GLSA-200503-10

vendor-advisory

x_refsource_GENTOO

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2005-0588

Description

Affected Products

References