Описание
Mozilla Firefox before 27.0 and SeaMonkey before 2.24 allow remote attackers to bypass the Same Origin Policy and obtain sensitive information by using an IFRAME element in conjunction with certain timing measurements involving the document.caretPositionFromPoint and document.elementFromPoint functions.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | |
| lucid | ignored | end of life |
| precise | released | 27.0+build1-0ubuntu0.12.04.1 |
| quantal | released | 27.0+build1-0ubuntu0.12.10.1 |
| saucy | released | 27.0+build1-0ubuntu0.13.10.1 |
| upstream | released | 27.0 |
Показывать по
EPSS
5 Medium
CVSS2
Связанные уязвимости
Mozilla Firefox before 27.0 and SeaMonkey before 2.24 allow remote attackers to bypass the Same Origin Policy and obtain sensitive information by using an IFRAME element in conjunction with certain timing measurements involving the document.caretPositionFromPoint and document.elementFromPoint functions.
Mozilla Firefox before 27.0 and SeaMonkey before 2.24 allow remote attackers to bypass the Same Origin Policy and obtain sensitive information by using an IFRAME element in conjunction with certain timing measurements involving the document.caretPositionFromPoint and document.elementFromPoint functions.
Mozilla Firefox before 27.0 and SeaMonkey before 2.24 allow remote att ...
Mozilla Firefox before 27.0 and SeaMonkey before 2.24 allow remote attackers to bypass the Same Origin Policy and obtain sensitive information by using an IFRAME element in conjunction with certain timing measurements involving the document.caretPositionFromPoint and document.elementFromPoint functions.
Уязвимость пакета программ Mozilla SeaMonkey, позволяющая злоумышленнику выполнить обход правил ограничения домена
EPSS
5 Medium
CVSS2