Launchpad CVE tracker

CVE 2005-0588

Firefox before 1.0.1 and Mozilla before 1.7.6 does not restrict xsl:include and xsl:import tags in XSLT stylesheets to the current domain, which allows remote attackers to determine the existence of files on the local system.

Related bugs and status

CVE-2005-0588 (Candidate) is related to these bugs:

Bug #12680: [warty] IDN support allows domain name spoofing

Summary				In	Importance	Status
	12680	[warty] IDN support allows domain name spoofing		mozilla (Ubuntu)	High	Fix Released
	12680	[warty] IDN support allows domain name spoofing		mozilla (Debian)	Unknown	Fix Released

Bug #13406: [Warty] CAN-2005-0592 Heap-based buffer overflow in the UTF8ToNewUnicode function

Summary				In	Importance	Status
	13406	[Warty] CAN-2005-0592 Heap-based buffer overflow in the UTF8ToNewUnicode function		mozilla (Ubuntu)	High	Fix Released
	13406	[Warty] CAN-2005-0592 Heap-based buffer overflow in the UTF8ToNewUnicode function		mozilla (Debian)	Unknown	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2005-0588

References