3 matches found
Design/Logic Flaw
Gecko-based browsers, including Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8, modify the .href property of stylesheet DOM nodes to the final URI of a 302 redirect, which might allow remote attackers to bypass the Same Origin Policy and read sensitive information from the original UR...
CVE-2008-0593
CVE-2008-0593 affects Gecko-based browsers, notably Firefox < 2.0.0.12 and SeaMonkey
URL token stealing via stylesheet redirect — Mozilla
Security researcher Martin Straka reported that Gecko-based browsers update the .href property of stylesheet DOM nodes to reflect the final URI of the stylesheet after following any 302 redirects much as the document.location property is updated. This differs from other browsers and could...