Mozilla Firefox 4.x up to and including 13.0, Firefox ESR 10.x prior to 10.0.6, Thunderbird 5.0 up to and including 13.0, Thunderbird ESR 10.x prior to 10.0.6, and SeaMonkey prior to 2.11 do not properly handle duplicate values in X-Frame-Options headers, which makes it easier for remote malicious users to conduct clickjacking attacks via a FRAME element referencing a web site that produces these duplicate values.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
mozilla firefox 4.0 |
||
mozilla firefox 6.0.1 |
||
mozilla firefox 7.0.1 |
||
mozilla firefox 12.0 |
||
mozilla firefox 13.0 |
||
mozilla firefox 7.0 |
||
mozilla firefox 8.0 |
||
mozilla firefox 5.0 |
||
mozilla firefox 5.0.1 |
||
mozilla firefox 8.0.1 |
||
mozilla firefox 9.0.1 |
||
mozilla firefox 4.0.1 |
||
mozilla firefox 6.0 |
||
mozilla firefox 6.0.2 |
||
mozilla firefox 9.0 |
||
mozilla firefox 11.0 |
||
mozilla firefox esr 10.0.5 |
||
mozilla firefox esr 10.0.1 |
||
mozilla firefox esr 10.0.2 |
||
mozilla firefox esr 10.0.3 |
||
mozilla firefox esr 10.0.4 |
||
mozilla firefox esr 10.0 |
||
mozilla thunderbird 8.0 |
||
mozilla thunderbird 9.0.1 |
||
mozilla thunderbird 12.0 |
||
mozilla thunderbird 13.0 |
||
mozilla thunderbird 5.0 |
||
mozilla thunderbird 6.0 |
||
mozilla thunderbird 9.0 |
||
mozilla thunderbird 10.0.2 |
||
mozilla thunderbird 6.0.1 |
||
mozilla thunderbird 6.0.2 |
||
mozilla thunderbird 10.0.3 |
||
mozilla thunderbird 10.0.1 |
||
mozilla thunderbird 10.0 |
||
mozilla thunderbird 7.0.1 |
||
mozilla thunderbird 7.0 |
||
mozilla thunderbird 10.0.4 |
||
mozilla thunderbird 11.0 |
||
mozilla thunderbird esr 10.0.2 |
||
mozilla thunderbird esr 10.0.5 |
||
mozilla thunderbird esr 10.0.3 |
||
mozilla thunderbird esr 10.0.4 |
||
mozilla thunderbird esr 10.0 |
||
mozilla thunderbird esr 10.0.1 |
||
mozilla seamonkey 2.1 |
||
mozilla seamonkey 2.0.5 |
||
mozilla seamonkey 2.0.2 |
||
mozilla seamonkey 2.0 |
||
mozilla seamonkey 1.1.19 |
||
mozilla seamonkey 1.1.15 |
||
mozilla seamonkey 1.1.11 |
||
mozilla seamonkey 1.0 |
||
mozilla seamonkey 1.1.4 |
||
mozilla seamonkey 1.0.6 |
||
mozilla seamonkey 1.5.0.10 |
||
mozilla seamonkey 1.1.3 |
||
mozilla seamonkey 1.0.5 |
||
mozilla seamonkey 1.0.4 |
||
mozilla seamonkey |
||
mozilla seamonkey 2.0.8 |
||
mozilla seamonkey 2.0.1 |
||
mozilla seamonkey 2.0.12 |
||
mozilla seamonkey 2.0.4 |
||
mozilla seamonkey 1.1.18 |
||
mozilla seamonkey 1.1.8 |
||
mozilla seamonkey 1.1.17 |
||
mozilla seamonkey 1.1.6 |
||
mozilla seamonkey 1.1.9 |
||
mozilla seamonkey 1.1.5 |
||
mozilla seamonkey 1.5.0.8 |
||
mozilla seamonkey 1.1.2 |
||
mozilla seamonkey 1.1.13 |
||
mozilla seamonkey 1.0.3 |
||
mozilla seamonkey 1.0.2 |
||
mozilla seamonkey 2.0.7 |
||
mozilla seamonkey 2.0.11 |
||
mozilla seamonkey 2.0.13 |
||
mozilla seamonkey 2.0.10 |
||
mozilla seamonkey 1.1.7 |
||
mozilla seamonkey 1.1.16 |
||
mozilla seamonkey 1.1.12 |
||
mozilla seamonkey 1.1 |
||
mozilla seamonkey 1.5.0.9 |
||
mozilla seamonkey 1.0.9 |
||
mozilla seamonkey 1.0.1 |
||
mozilla seamonkey 2.0.9 |
||
mozilla seamonkey 2.0.6 |
||
mozilla seamonkey 2.0.14 |
||
mozilla seamonkey 2.0.3 |
||
mozilla seamonkey 1.1.1 |
||
mozilla seamonkey 1.1.14 |
||
mozilla seamonkey 1.1.10 |
||
mozilla seamonkey 1.0.8 |
||
mozilla seamonkey 1.0.7 |
Vulmon