XULDocument.persist() RDF data injection XULDocument.persist() function doesn't verify whether the second argument is a valid attribute name. Thus, an attacker can inject bogus RDF data into localstore.rdf in order to run arbitrary javascript. https://bugzilla.mozilla.org/show_bug.cgi?id=319847
From User-Agent: XML-RPC mozilla-1.7.12-1.5.2 has been pushed for FC4, which should resolve this issue. If these problems are still present in this version, then please make note of it in this bug report.
Should this bug as well as bug 179164 and bug 179167 be closed ERRATA, since the packages have been pushed to updates?
Closing this bug CURRENTRELEASE. Update announcement FEDORA-2006-075 for this issue is at: http://www.redhat.com/archives/fedora-announce-list/2006-February/msg00005.html
Forgive the bug-spam. Just checking something, regarding bug # 189589.