23 matches found
CVE-2007-3656
Mozilla Firefox 1.8.x and earlier versions are affected by CVE-2007-3656 due to not performing a security zone check for wyciwyg URIs. The issue allows a remote attacker to obtain sensitive information, potentially poison the browser cache, and may enable further attack vectors via HTTP 302 redir...
CVE-2007-3656
Mozilla Firefox before 1.8.0.13 and 1.8.1.x before 1.8.1.5 does not perform a security zone check when processing a wyciwyg URI, which allows remote attackers to obtain sensitive information, poison the browser cache, and possibly enable further attack vectors via 1 HTTP 302 redirect controls, 2...
Firefox wyciwyg:// cache zone bypass
There is an interesting vulnerability in how Mozilla Firefox handles internal wyciwyg:// pseudo-URIs. These cache-related resource identifiers are meant to be inaccessible by the user - but there are at least three routes to bypass these restrictionss, one of which - HTTP 302 redirect - also...