Описание
Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey do not properly implement the Same Origin Policy for (1) XMLHttpRequest, involving a mismatch for a document's principal, and (2) XPCNativeWrapper.toString, involving an incorrect proto scope, which allows remote attackers to conduct cross-site scripting (XSS) attacks and possibly other attacks via a crafted document.
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | ignored | end of life |
| devel | not-affected | |
| hardy | ignored | end of life |
| intrepid | DNE | |
| jaunty | DNE | |
| karmic | DNE | |
| lucid | not-affected | |
| maverick | not-affected | |
| natty | not-affected | |
| oneiric | not-affected |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | ignored | end of life |
| devel | DNE | |
| hardy | DNE | |
| intrepid | DNE | |
| jaunty | DNE | |
| karmic | DNE | |
| lucid | DNE | |
| maverick | DNE | |
| natty | DNE | |
| oneiric | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | DNE | |
| devel | released | 1.1.17+nobinonly-0ubuntu1 |
| hardy | released | 1.1.17+nobinonly-0ubuntu0.8.04.1 |
| intrepid | released | 1.1.17+nobinonly-0ubuntu0.8.10.1 |
| jaunty | released | 1.1.17+nobinonly-0ubuntu0.9.04.1 |
| karmic | released | 1.1.17+nobinonly-0ubuntu1 |
| lucid | released | 1.1.17+nobinonly-0ubuntu1 |
| maverick | released | 1.1.17+nobinonly-0ubuntu1 |
| natty | released | 1.1.17+nobinonly-0ubuntu1 |
| oneiric | released | 1.1.17+nobinonly-0ubuntu1 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | DNE | |
| devel | released | 2.0.0.22+build1+nobinonly-0ubuntu1.nspr474 |
| hardy | released | 2.0.0.22+build1+nobinonly-0ubuntu0.8.04.1 |
| intrepid | released | 2.0.0.22+build1+nobinonly-0ubuntu0.8.10.1 |
| jaunty | released | 2.0.0.22+build1+nobinonly-0ubuntu0.9.04.1 |
| karmic | released | 2.0.0.22+build1+nobinonly-0ubuntu1.nspr474 |
| lucid | released | 2.0.0.22+build1+nobinonly-0ubuntu1.nspr474 |
| maverick | released | 2.0.0.22+build1+nobinonly-0ubuntu1.nspr474 |
| natty | released | 2.0.0.22+build1+nobinonly-0ubuntu1.nspr474 |
| oneiric | released | 2.0.0.22+build1+nobinonly-0ubuntu1.nspr474 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | DNE | |
| devel | DNE | |
| hardy | ignored | end of life |
| intrepid | ignored | end of life, was needed |
| jaunty | ignored | end of life |
| karmic | ignored | end of life |
| lucid | DNE | |
| maverick | DNE | |
| natty | DNE | |
| oneiric | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | DNE | |
| devel | DNE | |
| gutsy | ignored | end of life, was needed |
| hardy | released | 1.9.0.9+nobinonly-0ubuntu0.8.04.1 |
| intrepid | released | 1.9.0.9+nobinonly-0ubuntu0.8.10.1 |
| jaunty | released | 1.9.0.9+nobinonly-0ubuntu0.9.04.1 |
| karmic | DNE | |
| lucid | DNE | |
| maverick | DNE | |
| natty | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | DNE | |
| devel | DNE | |
| hardy | DNE | |
| intrepid | DNE | |
| jaunty | released | 1.9.1+nobinonly-0ubuntu0.9.04.1 |
| karmic | released | 1.9.1~rc2+nobinonly-0ubuntu1 |
| lucid | DNE | |
| maverick | DNE | |
| natty | DNE | |
| oneiric | DNE |
Показывать по
EPSS
4.3 Medium
CVSS2
Связанные уязвимости
Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey do not properly implement the Same Origin Policy for (1) XMLHttpRequest, involving a mismatch for a document's principal, and (2) XPCNativeWrapper.toString, involving an incorrect __proto__ scope, which allows remote attackers to conduct cross-site scripting (XSS) attacks and possibly other attacks via a crafted document.
Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey do not properly implement the Same Origin Policy for (1) XMLHttpRequest, involving a mismatch for a document's principal, and (2) XPCNativeWrapper.toString, involving an incorrect __proto__ scope, which allows remote attackers to conduct cross-site scripting (XSS) attacks and possibly other attacks via a crafted document.
Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey do not proper ...
Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey do not properly implement the Same Origin Policy for (1) XMLHttpRequest, involving a mismatch for a document's principal, and (2) XPCNativeWrapper.toString, involving an incorrect __proto__ scope, which allows remote attackers to conduct cross-site scripting (XSS) attacks and possibly other attacks via a crafted document.
EPSS
4.3 Medium
CVSS2