Mozilla Firefox prior to 26.0 and SeaMonkey prior to 2.23 do not properly consider the sandbox attribute of an IFRAME element during processing of a contained OBJECT element, which allows remote malicious users to bypass intended sandbox restrictions via a crafted web site.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mozilla firefox |
||
mozilla seamonkey |
||
fedoraproject fedora 19 |
||
fedoraproject fedora 20 |
||
oracle solaris 11.3 |
||
canonical ubuntu linux 12.04 |
||
canonical ubuntu linux 12.10 |
||
canonical ubuntu linux 13.04 |
||
canonical ubuntu linux 13.10 |
||
redhat enterprise linux desktop 5.0 |
||
redhat enterprise linux desktop 6.0 |
||
redhat enterprise linux eus 6.5 |
||
redhat enterprise linux server 5.0 |
||
redhat enterprise linux server 6.0 |
||
redhat enterprise linux server aus 6.5 |
||
redhat enterprise linux server eus 6.5 |
||
redhat enterprise linux server tus 6.5 |
||
redhat enterprise linux workstation 5.0 |
||
redhat enterprise linux workstation 6.0 |
||
opensuse opensuse 12.2 |
||
opensuse opensuse 12.3 |
||
opensuse opensuse 13.1 |
||
suse linux enterprise desktop 11 |
||
suse linux enterprise server 11 |
||
suse linux enterprise software development kit 11 |