Lucene search

K

BUGTRAQSECURITYVULNS:VULN:7238

HistoryFeb 27, 2007 - 12:00 a.m.

Mozilla Firefox cross domain access

2007-02-2700:00:00

BUGTRAQ

vulners.com

16

By using
location.hostname='evil.com\x00foo.example.com'
in javascript it's possible to make request for foo.example.com domain to be sent to evil.com. It makes it possible cross-domain access. Vulnerability can be used for hidden malware installation.

CPENameOperatorVersion
firefoxeq2.0

References

vulners.com/securityvulns/securityvulns:doc:16074

vulners.com/securityvulns/securityvulns:doc:16079

vulners.com/securityvulns/securityvulns:doc:16108

vulners.com/securityvulns/securityvulns:doc:16140

vulners.com/securityvulns/securityvulns:doc:16205

Related for SECURITYVULNS:VULN:7238

debiancve1 cve3 ubuntucve3 prion3 seebug3 cert1 mozilla1 exploitpack1 securityvulns1 checkpoint_advisories1 veracode1 exploitdb1 nessus31 osv1 openvas20 gentoo2 debian1 freebsd1 redhat5 centos5 ubuntu2 oraclelinux3 suse2