Описание
The docshell implementation in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to trigger the loading of a URL with a spoofed baseURI property, and conduct cross-site scripting (XSS) attacks, via a crafted web site that performs history navigation.
Релиз | Статус | Примечание |
---|---|---|
devel | not-affected | 29.0+build1-0ubuntu0.14.04.2 |
esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was released [29.0+build1-0ubuntu0.14.04.2]] |
lucid | ignored | end of life |
precise | released | 29.0+build1-0ubuntu0.12.04.2 |
quantal | released | 29.0+build1-0ubuntu0.12.10.3 |
saucy | released | 29.0+build1-0ubuntu0.13.10.3 |
trusty | released | 29.0+build1-0ubuntu0.14.04.2 |
trusty/esm | DNE | trusty was released [29.0+build1-0ubuntu0.14.04.2] |
upstream | released | 29.0 |
Показывать по
Релиз | Статус | Примечание |
---|---|---|
devel | not-affected | |
esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was released [1:24.5.0+build1-0ubuntu0.14.04.1]] |
lucid | ignored | end of life |
precise | released | 1:24.5.0+build1-0ubuntu0.12.04.1 |
quantal | released | 1:24.5.0+build1-0ubuntu0.12.10.1 |
saucy | released | 1:24.5.0+build1-0ubuntu0.13.10.1 |
trusty | released | 1:24.5.0+build1-0ubuntu0.14.04.1 |
trusty/esm | DNE | trusty was released [1:24.5.0+build1-0ubuntu0.14.04.1] |
upstream | released | 24.5.0 |
Показывать по
EPSS
4.3 Medium
CVSS2
6.1 Medium
CVSS3
Связанные уязвимости
The docshell implementation in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to trigger the loading of a URL with a spoofed baseURI property, and conduct cross-site scripting (XSS) attacks, via a crafted web site that performs history navigation.
The docshell implementation in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to trigger the loading of a URL with a spoofed baseURI property, and conduct cross-site scripting (XSS) attacks, via a crafted web site that performs history navigation.
The docshell implementation in Mozilla Firefox before 29.0, Firefox ES ...
The docshell implementation in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to trigger the loading of a URL with a spoofed baseURI property, and conduct cross-site scripting (XSS) attacks, via a crafted web site that performs history navigation.
Уязвимость программного пакета SeaMonkey, позволяющая удаленному злоумышленнику выполнить произвольный код
EPSS
4.3 Medium
CVSS2
6.1 Medium
CVSS3