Описание
The loadBindingDocument function in Mozilla Firefox 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 does not perform any security checks related to the same-domain policy, which allows remote attackers to read or access data from other domains via crafted XBL bindings.
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | released | 1.5.dfsg+1.5.0.15~prepatch080614i-0ubuntu1 |
| devel | released | 3.0.5+nobinonly-0ubuntu0.8.04.1 |
| gutsy | released | 2.0.0.19+nobinonly1-0ubuntu0.7.10.1 |
| hardy | released | 2.0.0.21~tb.21.308+nobinonly-0ubuntu0.8.04.1 |
| intrepid | DNE | |
| jaunty | DNE | |
| karmic | DNE | |
| upstream | needs-triage |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | DNE | |
| devel | DNE | |
| gutsy | ignored | end of life, was needed |
| hardy | released | 3.0.5+nobinonly-0ubuntu0.8.04.1 |
| intrepid | released | 3.0.5+nobinonly-0ubuntu0.8.10.1 |
| jaunty | released | 3.0.5+nobinonly-0ubuntu1 |
| karmic | DNE | |
| upstream | released | 3.0.5 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | DNE | |
| devel | DNE | |
| gutsy | ignored | end of life, was needed |
| hardy | DNE | |
| intrepid | DNE | |
| jaunty | DNE | |
| karmic | DNE | |
| upstream | released | 1.1.14 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | released | 1.5.0.13+1.5.0.15~prepatch080614i-0ubuntu0.6.06.1 |
| devel | DNE | |
| gutsy | DNE | |
| hardy | DNE | |
| intrepid | DNE | |
| jaunty | DNE | |
| karmic | DNE | |
| upstream | needs-triage |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | DNE | |
| devel | not-affected | 1.1.15+nobinonly-0ubuntu2 |
| gutsy | DNE | |
| hardy | released | 1.1.17+nobinonly-0ubuntu0.8.04.1 |
| intrepid | released | 1.1.17+nobinonly-0ubuntu0.8.10.1 |
| jaunty | not-affected | 1.1.15+nobinonly-0ubuntu2 |
| karmic | not-affected | 1.1.15+nobinonly-0ubuntu2 |
| upstream | released | 1.1.14 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | DNE | |
| devel | released | 2.0.0.19+nobinonly-0ubuntu1 |
| gutsy | released | 2.0.0.19+nobinonly-0ubuntu0.7.10.1 |
| hardy | released | 2.0.0.19+nobinonly-0ubuntu0.8.04.1 |
| intrepid | released | 2.0.0.19+nobinonly-0ubuntu0.8.10.1 |
| jaunty | released | 2.0.0.19+nobinonly-0ubuntu1 |
| karmic | released | 2.0.0.19+nobinonly-0ubuntu1 |
| upstream | released | 2.0.0.19 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | DNE | |
| devel | DNE | |
| gutsy | ignored | end of life, was needed |
| hardy | released | 1.9.0.5+nobinonly-0ubuntu0.8.04.1 |
| intrepid | released | 1.9.0.5+nobinonly-0ubuntu0.8.10.1 |
| jaunty | released | 1.9.0.5+nobinonly-0ubuntu1 |
| karmic | DNE | |
| upstream | released | 1.9.0.5 |
Показывать по
EPSS
2.6 Low
CVSS2
Связанные уязвимости
The loadBindingDocument function in Mozilla Firefox 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 does not perform any security checks related to the same-domain policy, which allows remote attackers to read or access data from other domains via crafted XBL bindings.
The loadBindingDocument function in Mozilla Firefox 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 does not perform any security checks related to the same-domain policy, which allows remote attackers to read or access data from other domains via crafted XBL bindings.
The loadBindingDocument function in Mozilla Firefox 2.x before 2.0.0.1 ...
The loadBindingDocument function in Mozilla Firefox 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 does not perform any security checks related to the same-domain policy, which allows remote attackers to read or access data from other domains via crafted XBL bindings.
EPSS
2.6 Low
CVSS2