Lucene search

[email protected]CVE-2006-3352

HistoryJul 06, 2006 - 1:05 a.m.

CVE-2006-3352

2006-07-0601:05:00

[email protected]

web.nvd.nist.gov

cve-2006-3352

mozilla firefox

cross-domain vulnerability

remote attackers

information security

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

6 Medium

AI Score

Confidence

Low

0.088 Low

EPSS

Percentile

94.6%

JSON

Cross-domain vulnerability in Mozilla Firefox allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker’s originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object. NOTE: this description was based on a report that has since been retracted by the original authors. The authors misinterpreted their test results. Other third parties also disputed the original report. Therefore, this is not a vulnerability. It is being assigned a candidate number to provide a clear indication of its status

Affected configurations

NVD

Node

mozillafirefoxMatch0.8

mozillafirefoxMatch0.9

mozillafirefoxMatch0.9rc

mozillafirefoxMatch0.9.1

mozillafirefoxMatch0.9.2

mozillafirefoxMatch0.9.3

mozillafirefoxMatch0.10

mozillafirefoxMatch0.10.1

mozillafirefoxMatch1.0

mozillafirefoxMatch1.0.1

mozillafirefoxMatch1.0.2

mozillafirefoxMatch1.0.3

mozillafirefoxMatch1.0.4

mozillafirefoxMatch1.0.5

mozillafirefoxMatch1.0.6

mozillafirefoxMatch1.0.6linux

mozillafirefoxMatch1.0.7

mozillafirefoxMatch1.0.8

mozillafirefoxMatch1.5

mozillafirefoxMatch1.5beta1

mozillafirefoxMatch1.5beta2

mozillafirefoxMatch1.5.0.1

mozillafirefoxMatch1.5.0.2

mozillafirefoxMatch1.5.0.3

mozillafirefoxMatch1.5.0.4

mozillafirefoxMatch1.5.1

mozillafirefoxMatch1.5.2

mozillafirefoxMatch1.5.3

mozillafirefoxMatch2.0rc3

mozillafirefoxMatchpreview_release

CPENameOperatorVersion
mozilla:firefoxmozilla firefoxeq0.8
mozilla:firefoxmozilla firefoxeq0.9
mozilla:firefoxmozilla firefoxeq0.9.1
mozilla:firefoxmozilla firefoxeq0.9.2
mozilla:firefoxmozilla firefoxeq0.9.3
mozilla:firefoxmozilla firefoxeq0.10
mozilla:firefoxmozilla firefoxeq0.10.1
mozilla:firefoxmozilla firefoxeq1.0
mozilla:firefoxmozilla firefoxeq1.0.1
mozilla:firefoxmozilla firefoxeq1.0.2

CPE	Name	Operator	Version
mozilla:firefox	mozilla firefox	eq	0.8
mozilla:firefox	mozilla firefox	eq	0.9
mozilla:firefox	mozilla firefox	eq	0.9.1
mozilla:firefox	mozilla firefox	eq	0.9.2
mozilla:firefox	mozilla firefox	eq	0.9.3
mozilla:firefox	mozilla firefox	eq	0.10
mozilla:firefox	mozilla firefox	eq	0.10.1
mozilla:firefox	mozilla firefox	eq	1.0
mozilla:firefox	mozilla firefox	eq	1.0.1
mozilla:firefox	mozilla firefox	eq	1.0.2

Rows per page:

1-10 of 261

References

isc.sans.org/diary.php?storyid=1448

www.securityfocus.com/archive/1/438785/100/0/threaded

www.securityfocus.com/archive/1/438788/100/0/threaded

www.securityfocus.com/archive/1/438811/100/0/threaded

www.securityfocus.com/archive/1/438863/100/0/threaded

www.securityfocus.com/archive/1/438864/100/0/threaded

www.securityfocus.com/archive/1/439146/100/0/threaded

www.securityfocus.com/bid/18734

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

6 Medium

AI Score

Confidence

Low

0.088 Low

EPSS

Percentile

94.6%

JSON

Related for CVE-2006-3352

nvd1 cvelist1 nessus8