The startDocumentLoad function in browser/base/content/browser.js in Mozilla Firefox 3.5.x prior to 3.5.11 and 3.6.x prior to 3.6.7, and SeaMonkey prior to 2.0.6, does not properly implement the Same Origin Policy in certain circumstances related to the about:blank document and a document that is currently loading, which allows (1) remote web servers to conduct spoofing attacks via vectors involving a 204 (aka No Content) status code, and allows (2) remote malicious users to conduct spoofing attacks via vectors involving a window.stop call.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mozilla firefox 3.5.4 |
||
mozilla firefox 3.5.5 |
||
mozilla firefox 3.6.3 |
||
mozilla firefox 3.6.4 |
||
mozilla firefox 3.5.6 |
||
mozilla firefox 3.5.7 |
||
mozilla firefox 3.6.6 |
||
mozilla firefox 3.5.1 |
||
mozilla firefox 3.5.9 |
||
mozilla firefox 3.5.10 |
||
mozilla firefox 3.5.2 |
||
mozilla firefox 3.5.3 |
||
mozilla firefox 3.6.1 |
||
mozilla firefox 3.6.2 |
||
mozilla seamonkey 1.0.5 |
||
mozilla seamonkey 1.0.6 |
||
mozilla seamonkey 1.0 |
||
mozilla seamonkey 1.1.17 |
||
mozilla seamonkey 1.1.18 |
||
mozilla seamonkey 1.0.7 |
||
mozilla seamonkey 1.0.8 |
||
mozilla seamonkey 1.1.11 |
||
mozilla seamonkey 1.1.12 |
||
mozilla seamonkey 1.1.19 |
||
mozilla seamonkey 1.1.8 |
||
mozilla seamonkey 1.1.9 |
||
mozilla seamonkey 2.0.1 |
||
mozilla seamonkey 2.0.2 |
||
mozilla seamonkey 2.0 |
||
mozilla seamonkey 1.0.1 |
||
mozilla seamonkey 1.0.2 |
||
mozilla seamonkey 1.0.9 |
||
mozilla seamonkey 1.1 |
||
mozilla seamonkey 1.1.13 |
||
mozilla seamonkey 1.1.14 |
||
mozilla seamonkey 1.1.4 |
||
mozilla seamonkey 1.1.5 |
||
mozilla seamonkey 1.5.0.10 |
||
mozilla seamonkey 1.5.0.8 |
||
mozilla seamonkey 1.1.2 |
||
mozilla seamonkey 1.1.3 |
||
mozilla seamonkey 2.0.3 |
||
mozilla seamonkey 2.0.4 |
||
mozilla seamonkey 2.0a1pre |
||
mozilla seamonkey |
||
mozilla seamonkey 1.0.3 |
||
mozilla seamonkey 1.0.4 |
||
mozilla seamonkey 1.1.1 |
||
mozilla seamonkey 1.1.10 |
||
mozilla seamonkey 1.1.15 |
||
mozilla seamonkey 1.1.16 |
||
mozilla seamonkey 1.1.6 |
||
mozilla seamonkey 1.1.7 |
||
mozilla seamonkey 1.5.0.9 |