Описание
Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, when the XMLHttpRequestSpy module in the Firebug add-on is used, does not properly handle interaction between the XMLHttpRequestSpy object and chrome privileged objects, which allows remote attackers to execute arbitrary JavaScript via a crafted HTTP response. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-0179.
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | ignored | end of life |
| devel | released | 4.0~b8+nobinonly-0ubuntu3 |
| hardy | ignored | end of life |
| karmic | DNE | |
| lucid | released | 3.6.13+build3+nobinonly-0ubuntu0.10.04.1 |
| maverick | released | 3.6.13+build3+nobinonly-0ubuntu0.10.10.1 |
| upstream | released | 3.6.13 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | DNE | |
| devel | DNE | |
| hardy | released | 3.6.13+build3+nobinonly-0ubuntu0.8.04.1 |
| karmic | DNE | |
| lucid | DNE | |
| maverick | DNE | |
| upstream | needs-triage | Ubuntu source uses 3.6.x |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | DNE | |
| devel | DNE | |
| hardy | DNE | |
| karmic | released | 3.6.13+build3+nobinonly-0ubuntu0.9.10.1 |
| lucid | DNE | |
| maverick | DNE | |
| upstream | needs-triage | Ubuntu source uses 3.6.x |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | DNE | |
| devel | released | 2.0.11+build1+nobinonly-0ubuntu1 |
| hardy | released | 2.0.11+build1+nobinonly-0ubuntu0.8.04.1 |
| karmic | released | 2.0.11+build1+nobinonly-0ubuntu0.9.10.1 |
| lucid | released | 2.0.11+build1+nobinonly-0ubuntu0.10.04.1 |
| maverick | released | 2.0.11+build1+nobinonly-0ubuntu0.10.10.1 |
| upstream | released | 2.0.11 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | DNE | |
| devel | released | 1.9.2.13+build3+nobinonly-0ubuntu1 |
| hardy | released | 1.9.2.13+build3+nobinonly-0ubuntu0.8.04.1 |
| karmic | released | 1.9.2.13+build3+nobinonly-0ubuntu0.9.10.1 |
| lucid | released | 1.9.2.13+build3+nobinonly-0ubuntu0.10.04.1 |
| maverick | released | 1.9.2.13+build3+nobinonly-0ubuntu0.10.10.1 |
| upstream | needs-triage |
Показывать по
6.8 Medium
CVSS2
Связанные уязвимости
Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, when the XMLHttpRequestSpy module in the Firebug add-on is used, does not properly handle interaction between the XMLHttpRequestSpy object and chrome privileged objects, which allows remote attackers to execute arbitrary JavaScript via a crafted HTTP response. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-0179.
Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, when the XMLHttpRequestSpy module in the Firebug add-on is used, does not properly handle interaction between the XMLHttpRequestSpy object and chrome privileged objects, which allows remote attackers to execute arbitrary JavaScript via a crafted HTTP response. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-0179.
Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey b ...
Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, when the XMLHttpRequestSpy module in the Firebug add-on is used, does not properly handle interaction between the XMLHttpRequestSpy object and chrome privileged objects, which allows remote attackers to execute arbitrary JavaScript via a crafted HTTP response. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-0179.
6.8 Medium
CVSS2