Mozilla Firefox 4.x up to and including 13.0 and Firefox ESR 10.x prior to 10.0.6 do not properly establish the security context of a feed: URL, which allows remote malicious users to bypass unspecified cross-site scripting (XSS) protection mechanisms via a feed:javascript: URL.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mozilla firefox 4.0 |
||
mozilla firefox 6.0.1 |
||
mozilla firefox 7.0.1 |
||
mozilla firefox 12.0 |
||
mozilla firefox 13.0 |
||
mozilla firefox 5.0 |
||
mozilla firefox 5.0.1 |
||
mozilla firefox 8.0.1 |
||
mozilla firefox 9.0.1 |
||
mozilla firefox 4.0.1 |
||
mozilla firefox 6.0 |
||
mozilla firefox 6.0.2 |
||
mozilla firefox 9.0 |
||
mozilla firefox 11.0 |
||
mozilla firefox 7.0 |
||
mozilla firefox 8.0 |
||
mozilla firefox esr 10.0.5 |
||
mozilla firefox esr 10.0.2 |
||
mozilla firefox esr 10.0.3 |
||
mozilla firefox esr 10.0.4 |
||
mozilla firefox esr 10.0 |
||
mozilla firefox esr 10.0.1 |