Red Hat Bugzilla – Bug 179170
CVE-2006-0296 XULDocument.persist() RDF data injection
Last modified: 2007-11-30 17:11:22 EST
XULDocument.persist() RDF data injection
XULDocument.persist() function doesn't verify whether the second
argument is a valid attribute name. Thus, an attacker can inject
bogus RDF data into localstore.rdf in order to run arbitrary
From User-Agent: XML-RPC
mozilla-1.7.12-1.5.2 has been pushed for FC4, which should resolve this issue. If these problems are still present in this version, then please make note of it in this bug report.
Should this bug as well as bug 179164 and bug 179167 be closed ERRATA, since
the packages have been pushed to updates?
Closing this bug CURRENTRELEASE.
Update announcement FEDORA-2006-075 for this issue is at:
Forgive the bug-spam. Just checking something, regarding bug # 189589.