Same-Origin Policy Bypass

2020-04-1000:58:20

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.004 Low

EPSS

Percentile

72.1%

JSON

thunderbird/firefox is vulnerable to Same-Origin Policy bypass. It was found that Thunderbird could treat two separate cookies (for web content) as interchangeable if both were for the same domain name but one of those domain names had a trailing “.” character. This violates the same-origin policy and could possibly lead to data being leaked to the wrong domain.

CPENameOperatorVersion
thunderbirdeq2.0.0.24__10.el5_5
thunderbirdeq1.5.0.12__34.el4
thunderbirdeq1.5.0.12__38.el4
thunderbirdeq2.0.0.18__1.el5
thunderbirdeq1.5.0.5__0.el4.2
thunderbirdeq3.1.9__3.el6_0
thunderbirdeq1.5.0.9__0.1.el4
thunderbirdeq1.5.0.12__36.el4
thunderbirdeq1.5.0.12__30.el4
thunderbirdeq2.0.0.24__8.el5

Name	Operator	Version
thunderbird	eq	2.0.0.24__10.el5_5
thunderbird	eq	1.5.0.12__34.el4
thunderbird	eq	1.5.0.12__38.el4
thunderbird	eq	2.0.0.18__1.el5
thunderbird	eq	1.5.0.5__0.el4.2
thunderbird	eq	3.1.9__3.el6_0
thunderbird	eq	1.5.0.9__0.1.el4
thunderbird	eq	1.5.0.12__36.el4
thunderbird	eq	1.5.0.12__30.el4
thunderbird	eq	2.0.0.24__8.el5