Mozilla Firefox 3.x before 3.0.5 allows remote attackers to bypass intended privacy restrictions by using the persist attribute in an XUL element to create and access data entities that are similar to cookies.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Firefox | Mozilla | * | 3.0.4 (including) |
| Firefox | Mozilla | 3.0 (including) | 3.0 (including) |
| Firefox | Mozilla | 3.0.1 (including) | 3.0.1 (including) |
| Firefox | Mozilla | 3.0.2 (including) | 3.0.2 (including) |
| Firefox | Mozilla | 3.0.3 (including) | 3.0.3 (including) |
| Red Hat Enterprise Linux 4 | RedHat | firefox-0:3.0.5-1.el4 | * |
| Red Hat Enterprise Linux 4 | RedHat | nspr-0:4.7.3-1.el4 | * |
| Red Hat Enterprise Linux 4 | RedHat | nss-0:3.12.2.0-1.el4 | * |
| Red Hat Enterprise Linux 5 | RedHat | firefox-0:3.0.5-1.el5_2 | * |
| Red Hat Enterprise Linux 5 | RedHat | nspr-0:4.7.3-2.el5 | * |
| Red Hat Enterprise Linux 5 | RedHat | nss-0:3.12.2.0-2.el5 | * |
| Red Hat Enterprise Linux 5 | RedHat | xulrunner-0:1.9.0.5-1.el5_2 | * |
| Firefox-3.0 | Ubuntu | devel | * |
| Firefox-3.0 | Ubuntu | gutsy | * |
| Firefox-3.0 | Ubuntu | hardy | * |
| Firefox-3.0 | Ubuntu | intrepid | * |
| Firefox-3.0 | Ubuntu | upstream | * |
| Xulrunner-1.9 | Ubuntu | devel | * |
| Xulrunner-1.9 | Ubuntu | gutsy | * |
| Xulrunner-1.9 | Ubuntu | hardy | * |
| Xulrunner-1.9 | Ubuntu | intrepid | * |
| Xulrunner-1.9 | Ubuntu | upstream | * |