Описание
Gecko-based browsers, including Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8, modify the .href property of stylesheet DOM nodes to the final URI of a 302 redirect, which might allow remote attackers to bypass the Same Origin Policy and read sensitive information from the original URL, such as with Single-Signon systems.
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | released | 1.5.dfsg+1.5.0.15~prepatch080202a-0ubuntu1 |
| devel | DNE | |
| edgy | released | 2.0.0.12+0nobinonly+2-0ubuntu0.6.10 |
| feisty | released | 2.0.0.12+1nobinonly+2-0ubuntu0.7.4 |
| gutsy | released | 2.0.0.12+2nobinonly+2-0ubuntu0.7.10 |
| hardy | released | 2.0.0.12+2nobinonly+2-0ubuntu3 |
| intrepid | DNE | |
| upstream | released | 2.0.0.12 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | DNE | |
| devel | DNE | |
| edgy | DNE | |
| feisty | DNE | |
| gutsy | ignored | end of life, was needs-triage |
| hardy | DNE | |
| intrepid | DNE | |
| upstream | needs-triage |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | DNE | |
| devel | DNE | |
| edgy | DNE | |
| feisty | DNE | |
| gutsy | DNE | |
| hardy | DNE | |
| intrepid | DNE | |
| upstream | needs-triage |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | DNE | |
| devel | not-affected | |
| edgy | DNE | |
| feisty | DNE | |
| gutsy | DNE | |
| hardy | not-affected | |
| intrepid | not-affected | |
| upstream | not-affected | 1.1.8 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | DNE | |
| devel | released | 1.8.1.13+nobinonly-0ubuntu1 |
| edgy | ignored | end of life, was needs-triage |
| feisty | ignored | end of life, was needs-triage |
| gutsy | released | 1.8.1.18+nobinonly.b308.cvs20090331t155113-0ubuntu0.7.10.1 |
| hardy | released | 1.8.1.13+nobinonly-0ubuntu1 |
| intrepid | released | 1.8.1.13+nobinonly-0ubuntu1 |
| upstream | released | 1.8.1.13 |
Показывать по
EPSS
4.3 Medium
CVSS2
Связанные уязвимости
Gecko-based browsers, including Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8, modify the .href property of stylesheet DOM nodes to the final URI of a 302 redirect, which might allow remote attackers to bypass the Same Origin Policy and read sensitive information from the original URL, such as with Single-Signon systems.
Gecko-based browsers, including Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8, modify the .href property of stylesheet DOM nodes to the final URI of a 302 redirect, which might allow remote attackers to bypass the Same Origin Policy and read sensitive information from the original URL, such as with Single-Signon systems.
Gecko-based browsers, including Mozilla Firefox before 2.0.0.12 and Se ...
Gecko-based browsers, including Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8, modify the .href property of stylesheet DOM nodes to the final URI of a 302 redirect, which might allow remote attackers to bypass the Same Origin Policy and read sensitive information from the original URL, such as with Single-Signon systems.
ELSA-2008-0103: Critical: firefox security update (CRITICAL)
EPSS
4.3 Medium
CVSS2