| Revision Date: | 2014-10-06 | Version: | 29 |
| Title: | Mozilla Firefox Address Bar Spoofing Vulnerability |
| Description: | The startDocumentLoad function in browser/base/content/browser.js in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, does not properly implement the Same Origin Policy in certain circumstances related to the about:blank document and a document that is currently loading, which allows (1) remote web servers to conduct spoofing attacks via vectors involving a 204 (aka No Content) status code, and allows (2) remote attackers to conduct spoofing attacks via vectors involving a window.stop call. |
| Family: | windows | Class: | vulnerability |
| Status: | ACCEPTED | Reference(s): | CVE-2010-1206
|
| Platform(s): | Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows XP
| Product(s): | Mozilla Firefox
Mozilla SeaMonkey
|
| Definition Synopsis |
| Check for vulnerable Firefox Mozilla Firefox Mainline release is installed
AND Check for vulnerable version
Mozilla Firefox Mainline version is 3.5.x before 3.5.11
OR Mozilla Firefox Mainline version is 3.6.x before 3.6.7
OR Check for vulnerable Seamonkey
Mozilla Seamonkey is installed
AND Mozilla Seamonkey version less than 2.0.6
|