The certificate-warning functionality in
browser/components/certerror/content/aboutCertError.xhtml in Mozilla
Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0
through 12.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.10
does not properly handle attempted clickjacking of the about:certerror
page, which allows man-in-the-middle attackers to trick users into adding
an unintended exception via an IFRAME element.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 10.04 | noarch | firefox | < 13.0.1+build1-0ubuntu0.10.04.1 | UNKNOWN |
ubuntu | 11.04 | noarch | firefox | < 13.0.1+build1-0ubuntu0.11.04.1 | UNKNOWN |
ubuntu | 11.10 | noarch | firefox | < 13.0.1+build1-0ubuntu0.11.10.1 | UNKNOWN |
ubuntu | 12.04 | noarch | firefox | < 13.0.1+build1-0ubuntu0.12.04.1 | UNKNOWN |
ubuntu | 10.04 | noarch | thunderbird | < 13.0.1+build1-0ubuntu0.10.04.1 | UNKNOWN |
ubuntu | 11.04 | noarch | thunderbird | < 13.0.1+build1-0ubuntu0.11.04.1 | UNKNOWN |
ubuntu | 11.10 | noarch | thunderbird | < 13.0.1+build1-0ubuntu0.11.10.1 | UNKNOWN |
ubuntu | 12.04 | noarch | thunderbird | < 13.0.1+build1-0ubuntu0.12.04.1 | UNKNOWN |