Описание
Mozilla Firefox 3.6 before 3.6.2 does not offer plugins the expected window.location protection mechanism, which might allow remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via vectors that are specific to each affected plugin.
Mozilla Firefox 3.6 before 3.6.2 does not offer plugins the expected window.location protection mechanism, which might allow remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via vectors that are specific to each affected plugin.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2010-0170
- https://bugzilla.mozilla.org/show_bug.cgi?id=541530
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8602
- http://www.mandriva.com/security/advisories?name=MDVSA-2010:070
- http://www.mozilla.org/security/announce/2010/mfsa2010-10.html
- http://www.securityfocus.com/bid/38918
- http://www.securityfocus.com/bid/38919
- http://www.vupen.com/english/advisories/2010/0692
Связанные уязвимости
Mozilla Firefox 3.6 before 3.6.2 does not offer plugins the expected window.location protection mechanism, which might allow remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via vectors that are specific to each affected plugin.
Mozilla Firefox 3.6 before 3.6.2 does not offer plugins the expected window.location protection mechanism, which might allow remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via vectors that are specific to each affected plugin.
Mozilla Firefox 3.6 before 3.6.2 does not offer plugins the expected w ...