6.4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:P/A:N
0.007 Low
EPSS
Percentile
80.4%
Mozilla Firefox before 16.0.2, Firefox ESR 10.x before 10.0.10, Thunderbird
before 16.0.2, Thunderbird ESR 10.x before 10.0.10, and SeaMonkey before
2.13.2 allow remote attackers to bypass the Same Origin Policy and read the
Location object via a prototype property-injection attack that defeats
certain protection mechanisms for this object.
Author | Note |
---|---|
jdstrand | xulrunner-1.9.2 unmaintained upstream (see README.mozilla for details) |
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 10.04 | noarch | firefox | < 16.0.2+build1-0ubuntu0.10.04.1 | UNKNOWN |
ubuntu | 11.04 | noarch | firefox | < 16.0.2+build1-0ubuntu0.11.04.1 | UNKNOWN |
ubuntu | 11.10 | noarch | firefox | < 16.0.2+build1-0ubuntu0.11.10.1 | UNKNOWN |
ubuntu | 12.04 | noarch | firefox | < 16.0.2+build1-0ubuntu0.12.04.1 | UNKNOWN |
ubuntu | 12.10 | noarch | firefox | < 16.0.2+build1-0ubuntu0.12.10.1 | UNKNOWN |
ubuntu | 13.04 | noarch | firefox | < 17.0~b1+build1-0ubuntu1 | UNKNOWN |
ubuntu | 13.10 | noarch | firefox | < 17.0~b1+build1-0ubuntu1 | UNKNOWN |
ubuntu | 10.04 | noarch | thunderbird | < 16.0.2+build1-0ubuntu0.10.04.1 | UNKNOWN |
ubuntu | 11.10 | noarch | thunderbird | < 16.0.2+build1-0ubuntu0.11.10.1 | UNKNOWN |
ubuntu | 12.04 | noarch | thunderbird | < 16.0.2+build1-0ubuntu0.12.04.1 | UNKNOWN |