Описание
The view-source: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not properly implement the Same Origin Policy, which allows remote attackers to (1) bypass crossdomain.xml restrictions and connect to arbitrary web sites via a Flash file; (2) read, create, or modify Local Shared Objects via a Flash file; or (3) bypass unspecified restrictions and render content via vectors involving a jar: URI.
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | ignored | end of life |
| devel | not-affected | |
| hardy | ignored | end of life |
| intrepid | DNE | |
| jaunty | DNE | |
| karmic | DNE | |
| lucid | not-affected | |
| maverick | not-affected | |
| natty | not-affected | |
| oneiric | not-affected |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | ignored | end of life |
| devel | DNE | |
| hardy | DNE | |
| intrepid | DNE | |
| jaunty | DNE | |
| karmic | DNE | |
| lucid | DNE | |
| maverick | DNE | |
| natty | DNE | |
| oneiric | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | DNE | |
| devel | released | 1.1.17+nobinonly-0ubuntu1 |
| hardy | released | 1.1.17+nobinonly-0ubuntu0.8.04.1 |
| intrepid | released | 1.1.17+nobinonly-0ubuntu0.8.10.1 |
| jaunty | released | 1.1.17+nobinonly-0ubuntu0.9.04.1 |
| karmic | released | 1.1.17+nobinonly-0ubuntu1 |
| lucid | released | 1.1.17+nobinonly-0ubuntu1 |
| maverick | released | 1.1.17+nobinonly-0ubuntu1 |
| natty | released | 1.1.17+nobinonly-0ubuntu1 |
| oneiric | released | 1.1.17+nobinonly-0ubuntu1 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | DNE | |
| devel | released | 2.0.0.22+build1+nobinonly-0ubuntu1.nspr474 |
| hardy | released | 2.0.0.22+build1+nobinonly-0ubuntu0.8.04.1 |
| intrepid | released | 2.0.0.22+build1+nobinonly-0ubuntu0.8.10.1 |
| jaunty | released | 2.0.0.22+build1+nobinonly-0ubuntu0.9.04.1 |
| karmic | released | 2.0.0.22+build1+nobinonly-0ubuntu1.nspr474 |
| lucid | released | 2.0.0.22+build1+nobinonly-0ubuntu1.nspr474 |
| maverick | released | 2.0.0.22+build1+nobinonly-0ubuntu1.nspr474 |
| natty | released | 2.0.0.22+build1+nobinonly-0ubuntu1.nspr474 |
| oneiric | released | 2.0.0.22+build1+nobinonly-0ubuntu1.nspr474 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | DNE | |
| devel | DNE | |
| hardy | ignored | end of life |
| intrepid | ignored | end of life, was needed |
| jaunty | ignored | end of life |
| karmic | ignored | end of life |
| lucid | DNE | |
| maverick | DNE | |
| natty | DNE | |
| oneiric | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | DNE | |
| devel | DNE | |
| gutsy | ignored | end of life, was needed |
| hardy | released | 1.9.0.9+nobinonly-0ubuntu0.8.04.1 |
| intrepid | released | 1.9.0.9+nobinonly-0ubuntu0.8.10.1 |
| jaunty | released | 1.9.0.9+nobinonly-0ubuntu0.9.04.1 |
| karmic | DNE | |
| lucid | DNE | |
| maverick | DNE | |
| natty | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | DNE | |
| devel | DNE | |
| hardy | DNE | |
| intrepid | DNE | |
| jaunty | released | 1.9.1+nobinonly-0ubuntu0.9.04.1 |
| karmic | released | 1.9.1~rc2+nobinonly-0ubuntu1 |
| lucid | DNE | |
| maverick | DNE | |
| natty | DNE | |
| oneiric | DNE |
Показывать по
EPSS
6.8 Medium
CVSS2
Связанные уязвимости
The view-source: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not properly implement the Same Origin Policy, which allows remote attackers to (1) bypass crossdomain.xml restrictions and connect to arbitrary web sites via a Flash file; (2) read, create, or modify Local Shared Objects via a Flash file; or (3) bypass unspecified restrictions and render content via vectors involving a jar: URI.
The view-source: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not properly implement the Same Origin Policy, which allows remote attackers to (1) bypass crossdomain.xml restrictions and connect to arbitrary web sites via a Flash file; (2) read, create, or modify Local Shared Objects via a Flash file; or (3) bypass unspecified restrictions and render content via vectors involving a jar: URI.
The view-source: URI implementation in Mozilla Firefox before 3.0.9, T ...
The view-source: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not properly implement the Same Origin Policy, which allows remote attackers to (1) bypass crossdomain.xml restrictions and connect to arbitrary web sites via a Flash file; (2) read, create, or modify Local Shared Objects via a Flash file; or (3) bypass unspecified restrictions and render content via vectors involving a jar: URI.
EPSS
6.8 Medium
CVSS2