Описание
Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly support the application/octet-stream content type as a protection mechanism against execution of web script in certain circumstances involving SVG and the EMBED element, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via an embedded SVG document.
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | ignored | end of life |
| devel | not-affected | 3.6+nobinonly-0ubuntu3 |
| hardy | not-affected | |
| intrepid | DNE | |
| jaunty | DNE | |
| karmic | DNE | |
| lucid | not-affected | 3.6+nobinonly-0ubuntu3 |
| upstream | released | 3.6 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | ignored | end of life |
| devel | DNE | |
| hardy | DNE | |
| intrepid | DNE | |
| jaunty | DNE | |
| karmic | DNE | |
| lucid | DNE | |
| upstream | needs-triage |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | DNE | |
| devel | not-affected | 2.0.4+nobinonly-0ubuntu1 |
| hardy | released | 2.0.8+build1+nobinonly-0ubuntu0.8.04.1 |
| intrepid | ignored | end of life, was needed |
| jaunty | released | 2.0.8+build1+nobinonly-0ubuntu0.9.04.1 |
| karmic | released | 2.0.8+build1+nobinonly-0ubuntu0.9.10.1 |
| lucid | released | 2.0.8+build1+nobinonly-0ubuntu0.10.04.1 |
| upstream | released | 2.0.3 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | DNE | |
| devel | not-affected | 3.0.3+nobinonly-0ubuntu1 |
| hardy | not-affected | |
| intrepid | not-affected | |
| jaunty | not-affected | |
| karmic | not-affected | |
| lucid | not-affected | 3.0.3+nobinonly-0ubuntu1 |
| upstream | released | 3.0.2 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | DNE | |
| devel | DNE | |
| hardy | released | 1.9.0.18+build1+nobinonly-0ubuntu0.8.04.1 |
| intrepid | released | 1.9.0.18+build1+nobinonly-0ubuntu0.8.10.1 |
| jaunty | released | 1.9.0.18+build1+nobinonly-0ubuntu0.9.04.1 |
| karmic | DNE | |
| lucid | DNE | |
| upstream | released | 1.9.0.18 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | DNE | |
| devel | DNE | |
| hardy | DNE | |
| intrepid | DNE | |
| jaunty | released | 1.9.1.8+build1+nobinonly-0ubuntu0.9.04.1 |
| karmic | released | 1.9.1.8+build1+nobinonly-0ubuntu0.9.10.1 |
| lucid | DNE | |
| upstream | released | 1.9.1.8 |
Показывать по
EPSS
4.3 Medium
CVSS2
Связанные уязвимости
Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly support the application/octet-stream content type as a protection mechanism against execution of web script in certain circumstances involving SVG and the EMBED element, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via an embedded SVG document.
Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly support the application/octet-stream content type as a protection mechanism against execution of web script in certain circumstances involving SVG and the EMBED element, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via an embedded SVG document.
Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMon ...
Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly support the application/octet-stream content type as a protection mechanism against execution of web script in certain circumstances involving SVG and the EMBED element, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via an embedded SVG document.
EPSS
4.3 Medium
CVSS2