Mozilla Firefox 4.x through 13.0 and Firefox ESR 10.x before 10.0.6 do not have the same context-menu restrictions for data: URLs as for javascript: URLs, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted URL.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Firefox | Mozilla | 4.0 | 4.0 |
Firefox | Mozilla | 4.0 | 4.0 |
Firefox | Mozilla | 8.0 | 8.0 |
Firefox | Mozilla | 4.0 | 4.0 |
Firefox | Mozilla | 4.0 | 4.0 |
Firefox | Mozilla | 4.0 | 4.0 |
Firefox | Mozilla | 4.0 | 4.0 |
Firefox | Mozilla | 4.0 | 4.0 |
Firefox | Mozilla | 5.0.1 | 5.0.1 |
Firefox | Mozilla | 5.0 | 5.0 |
Firefox | Mozilla | 7.0 | 7.0 |
Firefox | Mozilla | 6.0.2 | 6.0.2 |
Firefox | Mozilla | 4.0 | 4.0 |
Firefox | Mozilla | 4.0 | 4.0 |
Firefox | Mozilla | 13.0 | 13.0 |
Firefox | Mozilla | 4.0 | 4.0 |
Firefox | Mozilla | 12.0 | 12.0 |
Firefox | Mozilla | 6.0.1 | 6.0.1 |
Firefox | Mozilla | 4.0 | 4.0 |
Firefox | Mozilla | 11.0 | 11.0 |
Firefox | Mozilla | 6.0 | 6.0 |
Firefox | Mozilla | 7.0.1 | 7.0.1 |
Firefox | Mozilla | 4.0 | 4.0 |
Firefox | Mozilla | 12.0 | 12.0 |
Firefox | Mozilla | 8.0.1 | 8.0.1 |
Firefox | Mozilla | 9.0.1 | 9.0.1 |
Firefox | Mozilla | 4.0 | 4.0 |
Firefox | Mozilla | 9.0 | 9.0 |
Firefox | Mozilla | 4.0.1 | 4.0.1 |