| Vulnerability Name: | CVE-2006-3352 | ||||||||
| Assigned: | 2006-07-05 | ||||||||
| Published: | 2006-07-05 | ||||||||
| Updated: | 2018-10-18 | ||||||||
| Summary: | ** DISPUTED ** Cross-domain vulnerability in Mozilla Firefox allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object. Note: this description was based on a report that has since been retracted by the original authors. The authors misinterpreted their test results. Other third parties also disputed the original report. Therefore, this is not a vulnerability. It is being assigned a candidate number to provide a clear indication of its status. | ||||||||
| CVSS v3 Severity: | 6.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
| ||||||||
| CVSS v2 Severity: | 6.4 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N)
| ||||||||
| Vulnerability Type: | CWE-Other | ||||||||
| References: | Source: MITRE Type: CNA CVE-2006-3352 Source: MISC Type: UNKNOWN http://isc.sans.org/diary.php?storyid=1448 Source: BUGTRAQ Type: UNKNOWN 20060630 Browser bugs hit IE, Firefox today (SANS) Source: BUGTRAQ Type: UNKNOWN 20060630 Re: [Full-disclosure] Browser bugs hit IE, Firefox today (SANS) Source: BUGTRAQ Type: UNKNOWN 20060630 ISC: Firefox immune to outerHTML flaw in MSIE [Was: Browser bugs hit IE, Firefox] Source: BUGTRAQ Type: UNKNOWN 20060630 RE: [Full-disclosure] Browser bugs hit IE, Firefox today (SANS) Source: BUGTRAQ Type: UNKNOWN 20060630 Re: Browser bugs hit IE, Firefox today (SANS) Source: BUGTRAQ Type: UNKNOWN 20060704 Re: Browser bugs hit IE, Firefox today (SANS) Source: BID Type: UNKNOWN 18734 | ||||||||
| Vulnerable Configuration: | Configuration 1: Denotes that component is vulnerable | ||||||||
| BACK | |||||||||