Cross-domain vulnerability in Mozilla Firefox allows remote malicious users to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object. NOTE: this description was based on a report that has since been retracted by the original authors. The authors misinterpreted their test results. Other third parties also disputed the original report. Therefore, this is not a vulnerability. It is being assigned a candidate number to provide a clear indication of its status
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mozilla firefox 0.8 |
||
mozilla firefox 1.5 |
||
mozilla firefox 1.5.2 |
||
mozilla firefox 1.5.0.3 |
||
mozilla firefox 1.0.2 |
||
mozilla firefox 0.9.1 |
||
mozilla firefox 1.0.4 |
||
mozilla firefox 1.0.7 |
||
mozilla firefox 0.10.1 |
||
mozilla firefox 0.9 |
||
mozilla firefox 1.0 |
||
mozilla firefox 1.0.1 |
||
mozilla firefox 1.0.6 |
||
mozilla firefox preview_release |
||
mozilla firefox 1.5.0.2 |
||
mozilla firefox 1.0.3 |
||
mozilla firefox 1.5.1 |
||
mozilla firefox 0.9.3 |
||
mozilla firefox 0.9.2 |
||
mozilla firefox 1.5.3 |
||
mozilla firefox 1.5.0.4 |
||
mozilla firefox 1.5.0.1 |
||
mozilla firefox 0.10 |
||
mozilla firefox 1.0.5 |
||
mozilla firefox 2.0 |
||
mozilla firefox 1.0.8 |