Описание
Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to bypass the same origin policy by causing the browser to issue an XMLHttpRequest to an attacker-controlled resource that uses a 302 redirect to a resource in a different domain, then reading content from the response, aka "response disclosure."
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | released | 1.5.dfsg+1.5.0.15~prepatch080614i-0ubuntu1 |
| devel | released | 3.0.5+nobinonly-0ubuntu0.8.04.1 |
| gutsy | released | 2.0.0.19+nobinonly1-0ubuntu0.7.10.1 |
| hardy | released | 2.0.0.19+nobinonly1-0ubuntu0.8.04.1 |
| intrepid | DNE | |
| jaunty | DNE | |
| karmic | DNE | |
| lucid | released | 3.0.5+nobinonly-0ubuntu0.8.04.1 |
| maverick | released | 3.0.5+nobinonly-0ubuntu0.8.04.1 |
| natty | released | 3.0.5+nobinonly-0ubuntu0.8.04.1 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | DNE | |
| devel | DNE | |
| gutsy | ignored | end of life, was needed |
| hardy | released | 3.0.5+nobinonly-0ubuntu0.8.04.1 |
| intrepid | released | 3.0.5+nobinonly-0ubuntu0.8.10.1 |
| jaunty | released | 3.0.5+nobinonly-0ubuntu1 |
| karmic | DNE | |
| lucid | DNE | |
| maverick | DNE | |
| natty | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | DNE | |
| devel | DNE | |
| gutsy | ignored | end of life, was needed |
| hardy | DNE | |
| intrepid | DNE | |
| jaunty | DNE | |
| karmic | DNE | |
| lucid | DNE | |
| maverick | DNE | |
| natty | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | released | 1.5.0.13+1.5.0.15~prepatch080614i-0ubuntu0.6.06.1 |
| devel | DNE | |
| gutsy | DNE | |
| hardy | DNE | |
| intrepid | DNE | |
| jaunty | DNE | |
| karmic | DNE | |
| lucid | DNE | |
| maverick | DNE | |
| natty | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | DNE | |
| devel | released | 1.1.15+nobinonly-0ubuntu2 |
| gutsy | DNE | |
| hardy | released | 1.1.15+nobinonly-0ubuntu0.8.04.2 |
| intrepid | released | 1.1.15+nobinonly-0ubuntu0.8.10.2 |
| jaunty | released | 1.1.15+nobinonly-0ubuntu2 |
| karmic | released | 1.1.15+nobinonly-0ubuntu2 |
| lucid | released | 1.1.15+nobinonly-0ubuntu2 |
| maverick | released | 1.1.15+nobinonly-0ubuntu2 |
| natty | released | 1.1.15+nobinonly-0ubuntu2 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | DNE | |
| devel | released | 2.0.0.19+nobinonly-0ubuntu1 |
| gutsy | released | 2.0.0.19+nobinonly-0ubuntu0.7.10.1 |
| hardy | released | 2.0.0.19+nobinonly-0ubuntu0.8.04.1 |
| intrepid | released | 2.0.0.19+nobinonly-0ubuntu0.8.10.1 |
| jaunty | released | 2.0.0.19+nobinonly-0ubuntu1 |
| karmic | released | 2.0.0.19+nobinonly-0ubuntu1 |
| lucid | released | 2.0.0.19+nobinonly-0ubuntu1 |
| maverick | released | 2.0.0.19+nobinonly-0ubuntu1 |
| natty | released | 2.0.0.19+nobinonly-0ubuntu1 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | DNE | |
| devel | DNE | |
| gutsy | released | 1.8.1.18+nobinonly.b308.cvs20090331t155113-0ubuntu0.7.10.1 |
| hardy | released | 1.8.1.18+nobinonly.b308.cvs20090331t155113-0ubuntu0.8.04.1 |
| intrepid | released | 1.8.1.18+nobinonly.b308.cvs20090331t155113-0ubuntu0.8.10.1 |
| jaunty | ignored | end of life |
| karmic | ignored | end of life |
| lucid | DNE | |
| maverick | DNE | |
| natty | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | DNE | |
| devel | DNE | |
| gutsy | ignored | end of life, was needed |
| hardy | released | 1.9.0.5+nobinonly-0ubuntu0.8.04.1 |
| intrepid | released | 1.9.0.5+nobinonly-0ubuntu0.8.10.1 |
| jaunty | released | 1.9.0.5+nobinonly-0ubuntu1 |
| karmic | DNE | |
| lucid | DNE | |
| maverick | DNE | |
| natty | DNE |
Показывать по
EPSS
6.8 Medium
CVSS2
Связанные уязвимости
Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to bypass the same origin policy by causing the browser to issue an XMLHttpRequest to an attacker-controlled resource that uses a 302 redirect to a resource in a different domain, then reading content from the response, aka "response disclosure."
Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to bypass the same origin policy by causing the browser to issue an XMLHttpRequest to an attacker-controlled resource that uses a 302 redirect to a resource in a different domain, then reading content from the response, aka "response disclosure."
Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird ...
Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to bypass the same origin policy by causing the browser to issue an XMLHttpRequest to an attacker-controlled resource that uses a 302 redirect to a resource in a different domain, then reading content from the response, aka "response disclosure."
EPSS
6.8 Medium
CVSS2