The session-restore feature in Mozilla Firefox prior to 28.0 and SeaMonkey prior to 2.25 does not consider the Content Security Policy of a data: URL, which makes it easier for remote malicious users to conduct cross-site scripting (XSS) attacks via a crafted document that is accessed after a browser restart.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mozilla firefox |
||
mozilla seamonkey |
||
opensuse opensuse 11.4 |
||
opensuse opensuse 12.3 |
||
opensuse opensuse 13.1 |
||
oracle solaris 11.3 |
||
suse linux enterprise desktop 11 |
||
suse linux enterprise sdk 11 |
||
suse linux enterprise server 11 |