Описание
Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, does not properly handle certain redirections involving data: URLs and Java LiveConnect scripts, which allows remote attackers to start processes, read arbitrary local files, and establish network connections via vectors involving a refresh value in the http-equiv attribute of a META element, which causes the wrong security principal to be used.
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | ignored | end of life |
| devel | released | 4.0~b8+nobinonly-0ubuntu3 |
| hardy | ignored | end of life |
| karmic | DNE | |
| lucid | released | 3.6.13+build3+nobinonly-0ubuntu0.10.04.1 |
| maverick | released | 3.6.13+build3+nobinonly-0ubuntu0.10.10.1 |
| upstream | released | 3.6.13 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | DNE | |
| devel | DNE | |
| hardy | released | 3.6.13+build3+nobinonly-0ubuntu0.8.04.1 |
| karmic | DNE | |
| lucid | DNE | |
| maverick | DNE | |
| upstream | needs-triage | Ubuntu source uses 3.6.x |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | DNE | |
| devel | DNE | |
| hardy | DNE | |
| karmic | released | 3.6.13+build3+nobinonly-0ubuntu0.9.10.1 |
| lucid | DNE | |
| maverick | DNE | |
| upstream | needs-triage | Ubuntu source uses 3.6.x |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | DNE | |
| devel | released | 2.0.11+build1+nobinonly-0ubuntu1 |
| hardy | released | 2.0.11+build1+nobinonly-0ubuntu0.8.04.1 |
| karmic | released | 2.0.11+build1+nobinonly-0ubuntu0.9.10.1 |
| lucid | released | 2.0.11+build1+nobinonly-0ubuntu0.10.04.1 |
| maverick | released | 2.0.11+build1+nobinonly-0ubuntu0.10.10.1 |
| upstream | released | 2.0.11 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | DNE | |
| devel | released | 1.9.2.13+build3+nobinonly-0ubuntu1 |
| hardy | released | 1.9.2.13+build3+nobinonly-0ubuntu0.8.04.1 |
| karmic | released | 1.9.2.13+build3+nobinonly-0ubuntu0.9.10.1 |
| lucid | released | 1.9.2.13+build3+nobinonly-0ubuntu0.10.04.1 |
| maverick | released | 1.9.2.13+build3+nobinonly-0ubuntu0.10.10.1 |
| upstream | needs-triage |
Показывать по
9.3 Critical
CVSS2
Связанные уязвимости
Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, does not properly handle certain redirections involving data: URLs and Java LiveConnect scripts, which allows remote attackers to start processes, read arbitrary local files, and establish network connections via vectors involving a refresh value in the http-equiv attribute of a META element, which causes the wrong security principal to be used.
Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, does not properly handle certain redirections involving data: URLs and Java LiveConnect scripts, which allows remote attackers to start processes, read arbitrary local files, and establish network connections via vectors involving a refresh value in the http-equiv attribute of a META element, which causes the wrong security principal to be used.
Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey b ...
Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, does not properly handle certain redirections involving data: URLs and Java LiveConnect scripts, which allows remote attackers to start processes, read arbitrary local files, and establish network connections via vectors involving a refresh value in the http-equiv attribute of a META element, which causes the wrong security principal to be used.
9.3 Critical
CVSS2