Mozilla based browsers, including Firefox prior to 1.5.0.10 and 2.x prior to 2.0.0.2, and SeaMonkey prior to 1.0.8, allow remote malicious users to bypass the same origin policy, steal cookies, and conduct other attacks by writing a URI with a null byte to the hostname (location.hostname) DOM property, due to interactions with DNS resolver code.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mozilla firefox 0.9.1 |
||
mozilla firefox 0.9.2 |
||
mozilla firefox 0.9.3 |
||
mozilla firefox 1.0.5 |
||
mozilla firefox 1.0.6 |
||
mozilla firefox 1.5.0.3 |
||
mozilla firefox 1.5.0.4 |
||
mozilla firefox 1.5.4 |
||
mozilla firefox 1.5.5 |
||
mozilla firefox 2.0.0.1 |
||
mozilla firefox 2.0 |
||
mozilla seamonkey 1.0.4 |
||
mozilla seamonkey 1.0.5 |
||
mozilla firefox 0.8 |
||
mozilla firefox 0.9 |
||
mozilla firefox 1.0.3 |
||
mozilla firefox 1.0.4 |
||
mozilla firefox 1.5.0.1 |
||
mozilla firefox 1.5.0.2 |
||
mozilla firefox 1.5.1 |
||
mozilla firefox 1.5.2 |
||
mozilla firefox 1.5.3 |
||
mozilla firefox 1.5 |
||
mozilla seamonkey 1.0.2 |
||
mozilla seamonkey 1.0.3 |
||
mozilla firefox 1.0 |
||
mozilla firefox 1.0.7 |
||
mozilla firefox 1.5.0.5 |
||
mozilla firefox 1.5.0.6 |
||
mozilla firefox 1.5.6 |
||
mozilla firefox 1.5.7 |
||
mozilla firefox preview_release |
||
mozilla seamonkey 1.0.6 |
||
mozilla seamonkey |
||
mozilla firefox 0.10 |
||
mozilla firefox 0.10.1 |
||
mozilla firefox 1.0.1 |
||
mozilla firefox 1.0.2 |
||
mozilla firefox 1.0.8 |
||
mozilla firefox 1.5.0.7 |
||
mozilla firefox 1.5.0.8 |
||
mozilla firefox 1.5.8 |
||
mozilla seamonkey 1.0 |
||
mozilla seamonkey 1.0.1 |
||
mozilla firefox |