CVE-2006-6503— Mozilla Firefox/SeaMonkey/Thunderbird IMG元素的src属性跨站脚本漏洞

EPSS 17.11% · P95 更新于 2026-02-27

获取后续新漏洞提醒登录后订阅

一、漏洞 CVE-2006-6503 基础信息

漏洞信息

对漏洞内容有疑问？看看神龙的深度分析是否有帮助！

查看神龙十问 ↗

尽管我们使用了先进的大模型技术，但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性，但请您根据实际情况进行核实和判断。

Vulnerability Title

N/A

来源: 美国国家漏洞数据库 NVD

Vulnerability Description

Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to bypass cross-site scripting (XSS) protection by changing the src attribute of an IMG element to a javascript: URI.

来源: 美国国家漏洞数据库 NVD

CVSS Information

N/A

来源: 美国国家漏洞数据库 NVD

Vulnerability Type

N/A

来源: 美国国家漏洞数据库 NVD

Vulnerability Title

Mozilla Firefox/SeaMonkey/Thunderbird IMG元素的src属性跨站脚本漏洞

来源: 中国国家信息安全漏洞库 CNNVD

Vulnerability Description

Mozilla Firefox/SeaMonkey/Thunderbird都是Mozilla发布的WEB浏览器和邮件新闻组客户端产品。 Mozilla Firefox和Thunderbird和SeaMonkey存在跨站脚本攻击漏洞。在处理从帧加载的IMG元素的src属性时的漏洞允许更改javascript: URI的属性，导致在用户浏览器会话中执行任意HTML和脚本代码；

来源: 中国国家信息安全漏洞库 CNNVD

CVSS Information

N/A

来源: 中国国家信息安全漏洞库 CNNVD

Vulnerability Type

N/A

来源: 中国国家信息安全漏洞库 CNNVD

受影响产品

厂商	产品	影响版本	CPE	订阅
-	n/a	n/a	-

二、漏洞 CVE-2006-6503 的公开POC

#	POC 描述	源链接	神龙链接

AI 生成 POC高级

未找到公开 POC。

登录以生成 AI POC

三、漏洞 CVE-2006-6503 的情报信息

Please 登录 to view more intelligence information

https://issues.rpath.com/browse/RPL-883x_refsource_CONFIRM
http://secunia.com/advisories/23420third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/23514third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/23468third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/23618third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/23545third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/23422third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/23988third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/23598third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/23591third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/23439third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/23433third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/23282third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/24390third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/23614third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/23692third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/23589third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/23440third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/24078third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/23601third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/23672third-party-advisoryx_refsource_SECUNIA
http://www.securityfocus.com/bid/21668vdb-entryx_refsource_BID
http://securitytracker.com/id?1017415vdb-entryx_refsource_SECTRACK
http://securitytracker.com/id?1017414vdb-entryx_refsource_SECTRACK
http://securitytracker.com/id?1017416vdb-entryx_refsource_SECTRACK
http://www.debian.org/security/2007/dsa-1258vendor-advisoryx_refsource_DEBIAN
http://www.debian.org/security/2007/dsa-1265vendor-advisoryx_refsource_DEBIAN
http://www.debian.org/security/2007/dsa-1253vendor-advisoryx_refsource_DEBIAN
http://www.kb.cert.org/vuls/id/405092third-party-advisoryx_refsource_CERT-VN
http://www.ubuntu.com/usn/usn-398-2vendor-advisoryx_refsource_UBUNTU
http://www.ubuntu.com/usn/usn-400-1vendor-advisoryx_refsource_UBUNTU
USN-398-1: Firefox vulnerabilities | Ubuntu security notices | Ubuntuvendor-advisoryx_refsource_UBUNTU
http://www.us-cert.gov/cas/techalerts/TA06-354A.htmlthird-party-advisoryx_refsource_CERT
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742vendor-advisoryx_refsource_HP
http://www.vupen.com/english/advisories/2006/5068vdb-entryx_refsource_VUPEN
ftp://patches.sgi.com/support/free/security/advisories/20061202-01-P.ascvendor-advisoryx_refsource_SGI
http://www.vupen.com/english/advisories/2008/0083vdb-entryx_refsource_VUPEN
http://www.mandriva.com/security/advisories?name=MDKSA-2007:011vendor-advisoryx_refsource_MANDRIVA
http://rhn.redhat.com/errata/RHSA-2006-0758.htmlvendor-advisoryx_refsource_REDHAT
http://rhn.redhat.com/errata/RHSA-2006-0760.htmlvendor-advisoryx_refsource_REDHAT
http://www.gentoo.org/security/en/glsa/glsa-200701-03.xmlvendor-advisoryx_refsource_GENTOO
http://security.gentoo.org/glsa/glsa-200701-02.xmlvendor-advisoryx_refsource_GENTOO
http://rhn.redhat.com/errata/RHSA-2006-0759.htmlvendor-advisoryx_refsource_REDHAT
http://fedoranews.org/cms/node/2338vendor-advisoryx_refsource_FEDORA
http://www.novell.com/linux/security/advisories/2007_06_mozilla.htmlvendor-advisoryx_refsource_SUSE
http://fedoranews.org/cms/node/2297vendor-advisoryx_refsource_FEDORA
http://www.novell.com/linux/security/advisories/2006_80_mozilla.htmlvendor-advisoryx_refsource_SUSE
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10895vdb-entrysignaturex_refsource_OVAL
http://www.securityfocus.com/archive/1/455145/100/0/threadedmailing-listx_refsource_BUGTRAQ
http://www.securityfocus.com/archive/1/455728/100/200/threadedmailing-listx_refsource_BUGTRAQ
https://nvd.nist.gov/vuln/detail/CVE-2006-6503

同批安全公告 · n/a · 2006-12-20 · 共 46 条

CVE-2006-6658		Inktomi Search 参数缺失直接请求路径泄露漏洞
CVE-2006-6498		Mozilla Firefox/SeaMonkey/Thunderbird JavaScript引擎错误内存破坏漏洞
CVE-2006-6500		Mozilla Firefox/SeaMonkey/Thunderbird CSS光标属性堆溢出漏洞
CVE-2006-6504		Mozilla Firefox/SeaMonkey/Thunderbird SVG标注对象拒绝服务漏洞
CVE-2006-6505		Mozilla Firefox/SeaMonkey/Thunderbird 多个堆溢出漏洞
CVE-2006-6506		Mozilla Firefox/SeaMonkey/Thunderbird Feed Preview功能安全泄露漏洞
CVE-2006-6507		Mozilla Firefox 原型回退功能跨站脚本攻击漏洞
CVE-2006-6641		CA CleverPath Portal和其他嵌入了Portal 环境会话劫持漏洞
CVE-2006-6502		Mozilla Firefox/SeaMonkey/Thunderbird LiveConnect释放后使用漏洞
CVE-2006-6659		Microsoft Outlook ActiveX控件远程Internet Explorer拒绝服务漏洞
CVE-2006-6497		Mozilla Firefox/SeaMonkey/Thunderbird 未明拒绝服务漏洞
CVE-2006-6657		NetBSD-current if_clone_list函数敏感信息泄露漏洞
CVE-2006-6656		NetBSD-current ptrace未明信息泄露漏洞
CVE-2006-6655		NetBSD-curren procfs文件系统拒绝服务攻击漏洞
CVE-2006-6654		NetBSD-current sendmsg函数拒绝服务攻击漏洞
CVE-2006-6653		NetBSD-current accept函数拒绝服务攻击漏洞
CVE-2006-6652		NetBSD-current 'glob.c'缓冲区溢出漏洞
CVE-2006-6651		Intel 2200BG 'W29N51.SYS'驱动信标帧远程执行代码漏洞
CVE-2006-6650		MXBB Charts 模块 'charts_constants.php' Module_Root_Path远程文件包含漏洞
CVE-2006-6649		HyperVM 'display.php'跨站脚本攻击漏洞

显示前 20 条，共 46 条。查看全部 → →

IV. Related Vulnerabilities

Same product: n/a

Same vendor: n/a

V. Comments for CVE-2006-6503

暂无评论

目标达成感谢每一位支持者 — 我们达成了 100% 目标！

CVE-2006-6503— Mozilla Firefox/SeaMonkey/Thunderbird IMG元素的src属性跨站脚本漏洞

一、漏洞 CVE-2006-6503 基础信息

漏洞信息

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

受影响产品

二、漏洞 CVE-2006-6503 的公开POC

三、漏洞 CVE-2006-6503 的情报信息

同批安全公告 · n/a · 2006-12-20 · 共 46 条

IV. Related Vulnerabilities

V. Comments for CVE-2006-6503

发表评论

目标达成 感谢每一位支持者 — 我们达成了 100% 目标！

CVE-2006-6503— Mozilla Firefox/SeaMonkey/Thunderbird IMG元素的src属性跨站脚本漏洞

一、 漏洞 CVE-2006-6503 基础信息

漏洞信息

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

受影响产品

二、漏洞 CVE-2006-6503 的公开POC

三、漏洞 CVE-2006-6503 的情报信息

同批安全公告 · n/a · 2006-12-20 · 共 46 条

IV. Related Vulnerabilities

V. Comments for CVE-2006-6503

发表评论

目标达成感谢每一位支持者 — 我们达成了 100% 目标！

一、漏洞 CVE-2006-6503 基础信息