Cross-domain vulnerability in Mozilla Firefox allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attackers originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object. NOTE: this description was based on a report that has since been retracted by the original authors. The authors misinterpreted their test results. Other third parties also disputed the original report. Therefore, this is not a vulnerability. It is being assigned a candidate number to provide a clear indication of its status
Name | Vendor | Start Version | End Version |
---|---|---|---|
Firefox | Mozilla | 0.8 (including) | 0.8 (including) |
Firefox | Mozilla | 0.9 (including) | 0.9 (including) |
Firefox | Mozilla | 0.9-rc (including) | 0.9-rc (including) |
Firefox | Mozilla | 0.9.1 (including) | 0.9.1 (including) |
Firefox | Mozilla | 0.9.2 (including) | 0.9.2 (including) |
Firefox | Mozilla | 0.9.3 (including) | 0.9.3 (including) |
Firefox | Mozilla | 0.10 (including) | 0.10 (including) |
Firefox | Mozilla | 0.10.1 (including) | 0.10.1 (including) |
Firefox | Mozilla | 1.0 (including) | 1.0 (including) |
Firefox | Mozilla | 1.0.1 (including) | 1.0.1 (including) |
Firefox | Mozilla | 1.0.2 (including) | 1.0.2 (including) |
Firefox | Mozilla | 1.0.3 (including) | 1.0.3 (including) |
Firefox | Mozilla | 1.0.4 (including) | 1.0.4 (including) |
Firefox | Mozilla | 1.0.5 (including) | 1.0.5 (including) |
Firefox | Mozilla | 1.0.6 (including) | 1.0.6 (including) |
Firefox | Mozilla | 1.0.7 (including) | 1.0.7 (including) |
Firefox | Mozilla | 1.0.8 (including) | 1.0.8 (including) |
Firefox | Mozilla | 1.5 (including) | 1.5 (including) |
Firefox | Mozilla | 1.5-beta1 (including) | 1.5-beta1 (including) |
Firefox | Mozilla | 1.5-beta2 (including) | 1.5-beta2 (including) |
Firefox | Mozilla | 1.5.0.1 (including) | 1.5.0.1 (including) |
Firefox | Mozilla | 1.5.0.2 (including) | 1.5.0.2 (including) |
Firefox | Mozilla | 1.5.0.3 (including) | 1.5.0.3 (including) |
Firefox | Mozilla | 1.5.0.4 (including) | 1.5.0.4 (including) |
Firefox | Mozilla | 1.5.1 (including) | 1.5.1 (including) |
Firefox | Mozilla | 1.5.2 (including) | 1.5.2 (including) |
Firefox | Mozilla | 1.5.3 (including) | 1.5.3 (including) |
Firefox | Mozilla | 2.0-rc3 (including) | 2.0-rc3 (including) |
Firefox | Mozilla | preview_release (including) | preview_release (including) |