5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
0.003 Low
EPSS
Percentile
70.6%
Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x
before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before
10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allow remote
attackers to spoof the address bar via vectors involving authentication
information in the userinfo field of a URL, in conjunction with a 204 (aka
No Content) HTTP status code.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 10.04 | noarch | firefox | < 18.0+build1-0ubuntu0.10.04.3 | UNKNOWN |
ubuntu | 11.10 | noarch | firefox | < 18.0+build1-0ubuntu0.11.10.3 | UNKNOWN |
ubuntu | 12.04 | noarch | firefox | < 18.0+build1-0ubuntu0.12.04.3 | UNKNOWN |
ubuntu | 12.10 | noarch | firefox | < 18.0+build1-0ubuntu0.12.10.3 | UNKNOWN |
ubuntu | 13.04 | noarch | firefox | < 19.0~b1+build2-0ubuntu1 | UNKNOWN |
ubuntu | 13.10 | noarch | firefox | < 19.0~b1+build2-0ubuntu1 | UNKNOWN |
ubuntu | 10.04 | noarch | thunderbird | < 17.0.2+build1-0ubuntu0.10.04.1 | UNKNOWN |
ubuntu | 11.10 | noarch | thunderbird | < 17.0.2+build1-0ubuntu0.11.10.1 | UNKNOWN |
ubuntu | 12.04 | noarch | thunderbird | < 17.0.2+build1-0ubuntu0.12.04.1 | UNKNOWN |
ubuntu | 12.10 | noarch | thunderbird | < 17.0.2+build1-0ubuntu0.12.10.1 | UNKNOWN |