4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.004 Low
EPSS
Percentile
71.9%
Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird
before 17.0.5, Thunderbird ESR 17.x before 17.0.5, and SeaMonkey before
2.17 do not ensure the correctness of the address bar during history
navigation, which allows remote attackers to conduct cross-site scripting
(XSS) attacks or phishing attacks by leveraging control over navigation
timing.
Author | Note |
---|---|
jdstrand | xulrunner-1.9.2 unmaintained upstream (see README.mozilla for details) |
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 10.04 | noarch | firefox | < 20.0+build1-0ubuntu0.10.04.3 | UNKNOWN |
ubuntu | 11.10 | noarch | firefox | < 20.0+build1-0ubuntu0.11.10.3 | UNKNOWN |
ubuntu | 12.04 | noarch | firefox | < 20.0+build1-0ubuntu0.12.04.3 | UNKNOWN |
ubuntu | 12.10 | noarch | firefox | < 20.0+build1-0ubuntu0.12.10.3 | UNKNOWN |
ubuntu | 13.04 | noarch | firefox | < 20.0+build1-0ubuntu1 | UNKNOWN |
ubuntu | 13.10 | noarch | firefox | < 20.0+build1-0ubuntu1 | UNKNOWN |
ubuntu | 10.04 | noarch | thunderbird | < 17.0.5+build1-0ubuntu0.10.04.1 | UNKNOWN |
ubuntu | 11.10 | noarch | thunderbird | < 17.0.5+build1-0ubuntu0.11.10.1 | UNKNOWN |
ubuntu | 12.04 | noarch | thunderbird | < 17.0.5+build1-0ubuntu0.12.04.1 | UNKNOWN |
ubuntu | 12.10 | noarch | thunderbird | < 17.0.5+build1-0ubuntu0.12.10.1 | UNKNOWN |