CVE-2006-3352

Cross-domain vulnerability in Mozilla Firefox allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attackers originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object. NOTE: this description was based on a report that has since been retracted by the original authors. The authors misinterpreted their test results. Other third parties also disputed the original report. Therefore, this is not a vulnerability. It is being assigned a candidate number to provide a clear indication of its status

Affected Software

Name	Vendor	Start Version	End Version
Firefox	Mozilla	0.8 (including)	0.8 (including)
Firefox	Mozilla	0.9 (including)	0.9 (including)
Firefox	Mozilla	0.9-rc (including)	0.9-rc (including)
Firefox	Mozilla	0.9.1 (including)	0.9.1 (including)
Firefox	Mozilla	0.9.2 (including)	0.9.2 (including)
Firefox	Mozilla	0.9.3 (including)	0.9.3 (including)
Firefox	Mozilla	0.10 (including)	0.10 (including)
Firefox	Mozilla	0.10.1 (including)	0.10.1 (including)
Firefox	Mozilla	1.0 (including)	1.0 (including)
Firefox	Mozilla	1.0.1 (including)	1.0.1 (including)
Firefox	Mozilla	1.0.2 (including)	1.0.2 (including)
Firefox	Mozilla	1.0.3 (including)	1.0.3 (including)
Firefox	Mozilla	1.0.4 (including)	1.0.4 (including)
Firefox	Mozilla	1.0.5 (including)	1.0.5 (including)
Firefox	Mozilla	1.0.6 (including)	1.0.6 (including)
Firefox	Mozilla	1.0.7 (including)	1.0.7 (including)
Firefox	Mozilla	1.0.8 (including)	1.0.8 (including)
Firefox	Mozilla	1.5 (including)	1.5 (including)
Firefox	Mozilla	1.5-beta1 (including)	1.5-beta1 (including)
Firefox	Mozilla	1.5-beta2 (including)	1.5-beta2 (including)
Firefox	Mozilla	1.5.0.1 (including)	1.5.0.1 (including)
Firefox	Mozilla	1.5.0.2 (including)	1.5.0.2 (including)
Firefox	Mozilla	1.5.0.3 (including)	1.5.0.3 (including)
Firefox	Mozilla	1.5.0.4 (including)	1.5.0.4 (including)
Firefox	Mozilla	1.5.1 (including)	1.5.1 (including)
Firefox	Mozilla	1.5.2 (including)	1.5.2 (including)
Firefox	Mozilla	1.5.3 (including)	1.5.3 (including)
Firefox	Mozilla	2.0-rc3 (including)	2.0-rc3 (including)
Firefox	Mozilla	preview_release (including)	preview_release (including)

NVD	https://nvd.nist.gov/vuln/detail/CVE-2006-3352
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html

Affected Software

References