{"id":"CVE-2006-6503","details":"Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to bypass cross-site scripting (XSS) protection by changing the src attribute of an IMG element to a javascript: URI.","modified":"2026-01-27T04:07:36.083878Z","published":"2006-12-20T01:28:00Z","withdrawn":"2026-01-27T04:07:36.083878Z","references":[{"type":"ADVISORY","url":"ftp://patches.sgi.com/support/free/security/advisories/20061202-01-P.asc"},{"type":"ADVISORY","url":"http://rhn.redhat.com/errata/RHSA-2006-0758.html"},{"type":"ADVISORY","url":"http://rhn.redhat.com/errata/RHSA-2006-0759.html"},{"type":"ADVISORY","url":"http://rhn.redhat.com/errata/RHSA-2006-0760.html"},{"type":"ADVISORY","url":"http://secunia.com/advisories/23282"},{"type":"ADVISORY","url":"http://secunia.com/advisories/23420"},{"type":"ADVISORY","url":"http://secunia.com/advisories/23422"},{"type":"ADVISORY","url":"http://secunia.com/advisories/23433"},{"type":"ADVISORY","url":"http://secunia.com/advisories/23439"},{"type":"ADVISORY","url":"http://secunia.com/advisories/23440"},{"type":"ADVISORY","url":"http://secunia.com/advisories/23468"},{"type":"ADVISORY","url":"http://secunia.com/advisories/23514"},{"type":"ADVISORY","url":"http://secunia.com/advisories/23545"},{"type":"ADVISORY","url":"http://secunia.com/advisories/23589"},{"type":"ADVISORY","url":"http://secunia.com/advisories/23591"},{"type":"ADVISORY","url":"http://secunia.com/advisories/23598"},{"type":"ADVISORY","url":"http://secunia.com/advisories/23601"},{"type":"ADVISORY","url":"http://secunia.com/advisories/23614"},{"type":"ADVISORY","url":"http://secunia.com/advisories/23618"},{"type":"ADVISORY","url":"http://secunia.com/advisories/23672"},{"type":"ADVISORY","url":"http://secunia.com/advisories/23692"},{"type":"ADVISORY","url":"http://secunia.com/advisories/23988"},{"type":"ADVISORY","url":"http://secunia.com/advisories/24078"},{"type":"ADVISORY","url":"http://secunia.com/advisories/24390"},{"type":"ADVISORY","url":"http://security.gentoo.org/glsa/glsa-200701-02.xml"},{"type":"ADVISORY","url":"http://securitytracker.com/id?1017414"},{"type":"ADVISORY","url":"http://securitytracker.com/id?1017415"},{"type":"ADVISORY","url":"http://securitytracker.com/id?1017416"},{"type":"ADVISORY","url":"http://www.debian.org/security/2007/dsa-1253"},{"type":"ADVISORY","url":"http://www.debian.org/security/2007/dsa-1258"},{"type":"ADVISORY","url":"http://www.debian.org/security/2007/dsa-1265"},{"type":"ADVISORY","url":"http://www.gentoo.org/security/en/glsa/glsa-200701-03.xml"},{"type":"ADVISORY","url":"http://www.gentoo.org/security/en/glsa/glsa-200701-04.xml"},{"type":"WEB","url":"http://www.kb.cert.org/vuls/id/405092"},{"type":"ADVISORY","url":"http://www.mandriva.com/security/advisories?name=MDKSA-2007:010"},{"type":"ADVISORY","url":"http://www.mandriva.com/security/advisories?name=MDKSA-2007:011"},{"type":"ADVISORY","url":"http://www.mozilla.org/security/announce/2006/mfsa2006-72.html"},{"type":"ADVISORY","url":"http://www.novell.com/linux/security/advisories/2006_80_mozilla.html"},{"type":"ADVISORY","url":"http://www.novell.com/linux/security/advisories/2007_06_mozilla.html"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/21668"},{"type":"ADVISORY","url":"http://www.ubuntu.com/usn/usn-398-1"},{"type":"ADVISORY","url":"http://www.ubuntu.com/usn/usn-398-2"},{"type":"ADVISORY","url":"http://www.ubuntu.com/usn/usn-400-1"},{"type":"WEB","url":"http://www.us-cert.gov/cas/techalerts/TA06-354A.html"},{"type":"ADVISORY","url":"http://www.vupen.com/english/advisories/2006/5068"},{"type":"ADVISORY","url":"http://www.vupen.com/english/advisories/2008/0083"},{"type":"ADVISORY","url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10895"},{"type":"WEB","url":"http://fedoranews.org/cms/node/2297"},{"type":"WEB","url":"http://fedoranews.org/cms/node/2338"},{"type":"WEB","url":"http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"},{"type":"WEB","url":"http://www.securityfocus.com/archive/1/455145/100/0/threaded"},{"type":"WEB","url":"http://www.securityfocus.com/archive/1/455728/100/200/threaded"},{"type":"WEB","url":"https://issues.rpath.com/browse/RPL-883"}],"schema_version":"1.7.3"}