The loadBindingDocument function in Mozilla Firefox 2.x prior to 2.0.0.19, Thunderbird 2.x prior to 2.0.0.19, and SeaMonkey 1.x prior to 1.1.14 does not perform any security checks related to the same-domain policy, which allows remote malicious users to read or access data from other domains via crafted XBL bindings.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mozilla firefox 2.0.0.15 |
||
mozilla firefox 2.0.0.14 |
||
mozilla firefox 2.0.0.7 |
||
mozilla firefox 2.0.0.6 |
||
mozilla firefox 2.0.0.5 |
||
mozilla thunderbird 2.0.0.12 |
||
mozilla thunderbird 2.0.0.9 |
||
mozilla seamonkey 1.0.2 |
||
mozilla seamonkey 1.0.3 |
||
mozilla seamonkey 1.1 |
||
mozilla seamonkey 1.1.1 |
||
mozilla seamonkey 1.1.8 |
||
mozilla seamonkey 1.1.9 |
||
mozilla thunderbird 2.0.0.16 |
||
mozilla thunderbird 2.0.0.17 |
||
mozilla firefox 2.0.0.11 |
||
mozilla firefox 2.0.0.10 |
||
mozilla firefox 2.0.0.2 |
||
mozilla firefox 2.0.0.1 |
||
mozilla thunderbird 2.0.0.4 |
||
mozilla thunderbird 2.0.0.0 |
||
mozilla seamonkey 1.0.7 |
||
mozilla seamonkey 1.0.8 |
||
mozilla seamonkey 1.1.4 |
||
mozilla seamonkey 1.1.5 |
||
mozilla seamonkey 1.1.12 |
||
mozilla firefox |
||
mozilla firefox 2.0.0.13 |
||
mozilla firefox 2.0.0.12 |
||
mozilla firefox 2.0.0.4 |
||
mozilla firefox 2.0.0.3 |
||
mozilla thunderbird 2.0.0.6 |
||
mozilla thunderbird 2.0.0.5 |
||
mozilla seamonkey 1.0.5 |
||
mozilla seamonkey 1.0.6 |
||
mozilla seamonkey 1.1.2 |
||
mozilla seamonkey 1.1.3 |
||
mozilla seamonkey 1.1.10 |
||
mozilla seamonkey 1.1.11 |
||
mozilla firefox 2.0.0.16 |
||
mozilla firefox 2.0.0.17 |
||
mozilla firefox 2.0.0.9 |
||
mozilla firefox 2.0.0.8 |
||
mozilla firefox 2.0 |
||
mozilla thunderbird 2.0.0.14 |
||
mozilla seamonkey 1.0 |
||
mozilla seamonkey 1.0.1 |
||
mozilla seamonkey 1.0.9 |
||
mozilla seamonkey 1.1.6 |
||
mozilla seamonkey 1.1.7 |
||
mozilla thunderbird |
||
mozilla seamonkey |