5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.005 Low
EPSS
Percentile
76.4%
Mozilla Firefox before 3.6.26 and 4.x through 6.0, Thunderbird before
3.1.18 and 5.0 through 6.0, and SeaMonkey before 2.4 do not properly
enforce the IPv6 literal address syntax, which allows remote attackers to
obtain sensitive information by making XMLHttpRequest calls through a proxy
and reading the error messages.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 10.04 | noarch | thunderbird | < 3.1.18+build2+nobinonly-0ubuntu0.10.04.1 | UNKNOWN |
ubuntu | 10.10 | noarch | thunderbird | < 3.1.18+build2+nobinonly-0ubuntu0.10.10.1 | UNKNOWN |
ubuntu | 11.04 | noarch | thunderbird | < 3.1.18+build2+nobinonly-0ubuntu0.11.04.1 | UNKNOWN |
ubuntu | 10.04 | noarch | xulrunner-1.9.2 | < 1.9.2.26+build2+nobinonly-0ubuntu0.10.04.1 | UNKNOWN |
ubuntu | 10.10 | noarch | xulrunner-1.9.2 | < 1.9.2.26+build2+nobinonly-0ubuntu0.10.10.1 | UNKNOWN |
ubuntu | 11.04 | noarch | xulrunner-1.9.2 | < 1.9.2.27+build1+nobinonly-0ubuntu0.11.04.1 | UNKNOWN |