Описание
Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 do not properly restrict use of the type attribute of an OBJECT element to set a document's charset, which allows remote attackers to bypass cross-site scripting (XSS) protection mechanisms via UTF-7 encoding.
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | ignored | end of life |
| devel | released | 3.6.9+build1+nobinonly-0ubuntu1 |
| hardy | ignored | end of life |
| jaunty | DNE | |
| karmic | DNE | |
| lucid | released | 3.6.9+build1+nobinonly-0ubuntu0.10.04.1 |
| maverick | released | 3.6.9+build1+nobinonly-0ubuntu1 |
| natty | released | 3.6.9+build1+nobinonly-0ubuntu1 |
| upstream | released | 3.6.9 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | DNE | |
| devel | DNE | |
| hardy | released | 3.6.9+build1+nobinonly-0ubuntu0.8.04.1 |
| jaunty | released | 3.6.9+build1+nobinonly-0ubuntu0.9.04.1 |
| karmic | DNE | |
| lucid | DNE | |
| maverick | DNE | |
| natty | DNE | |
| upstream | needs-triage | Ubuntu source uses 3.6.x |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | DNE | |
| devel | DNE | |
| hardy | DNE | |
| jaunty | released | 3.5.12+build1+nobinonly-0ubuntu0.9.04.1 |
| karmic | released | 3.6.9+build1+nobinonly-0ubuntu0.9.10.2 |
| lucid | DNE | |
| maverick | DNE | |
| natty | DNE | |
| upstream | needs-triage | Ubuntu source uses 3.6.x |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | DNE | |
| devel | released | 2.0.7+build1+nobinonly-0ubuntu1 |
| hardy | released | 2.0.8+build1+nobinonly-0ubuntu0.8.04.1 |
| jaunty | released | 2.0.8+build1+nobinonly-0ubuntu0.9.04.1 |
| karmic | released | 2.0.8+build1+nobinonly-0ubuntu0.9.10.1 |
| lucid | released | 2.0.7+build1+nobinonly-0ubuntu0.10.04.1 |
| maverick | released | 2.0.7+build1+nobinonly-0ubuntu1 |
| natty | released | 2.0.7+build1+nobinonly-0ubuntu1 |
| upstream | released | 2.0.7 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | DNE | |
| devel | released | 3.1.3+build1+nobinonly-0ubuntu1 |
| hardy | ignored | end of life |
| jaunty | ignored | end of life |
| karmic | ignored | end of life |
| lucid | released | 3.0.7+build1+nobinonly-0ubuntu0.10.04.1 |
| maverick | released | 3.1.3+build1+nobinonly-0ubuntu1 |
| natty | released | 3.1.3+build1+nobinonly-0ubuntu1 |
| upstream | released | 3.0.7, 3.1.3 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | DNE | |
| devel | DNE | |
| hardy | DNE | |
| jaunty | released | 1.9.1.12+build1+nobinonly-0ubuntu0.9.04.1 |
| karmic | released | 1.9.1.12+build1+nobinonly-0ubuntu0.9.10.2 |
| lucid | DNE | |
| maverick | DNE | |
| natty | DNE | |
| upstream | released | 1.9.1.12 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | DNE | |
| devel | released | 1.9.2.9+build1+nobinonly-0ubuntu1 |
| hardy | released | 1.9.2.9+build1+nobinonly-0ubuntu0.8.04.1 |
| jaunty | released | 1.9.2.9+build1+nobinonly-0ubuntu0.9.04.1 |
| karmic | released | 1.9.2.9+build1+nobinonly-0ubuntu0.9.10.1 |
| lucid | released | 1.9.2.9+build1+nobinonly-0ubuntu0.10.04.1 |
| maverick | released | 1.9.2.9+build1+nobinonly-0ubuntu1 |
| natty | released | 1.9.2.9+build1+nobinonly-0ubuntu1 |
| upstream | released | 1.9.2.9 |
Показывать по
4.3 Medium
CVSS2
Связанные уязвимости
Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 do not properly restrict use of the type attribute of an OBJECT element to set a document's charset, which allows remote attackers to bypass cross-site scripting (XSS) protection mechanisms via UTF-7 encoding.
Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 do not properly restrict use of the type attribute of an OBJECT element to set a document's charset, which allows remote attackers to bypass cross-site scripting (XSS) protection mechanisms via UTF-7 encoding.
Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird befo ...
Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 do not properly restrict use of the type attribute of an OBJECT element to set a document's charset, which allows remote attackers to bypass cross-site scripting (XSS) protection mechanisms via UTF-7 encoding.
4.3 Medium
CVSS2