 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| CVE ID: | CVE-2010-1206 |
| Description: | The startDocumentLoad function in browser/base/content/browser.js in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, does not properly implement the Same Origin Policy in certain circumstances related to the about:blank document and a document that is currently loading, which allows (1) remote web servers to conduct spoofing attacks via vectors involving a 204 (aka No Content) status code, and allows (2) remote attackers to conduct spoofing attacks via vectors involving a window.stop call. |
| Test IDs: | 1.3.6.1.4.1.25623.1.0.67768 1.3.6.1.4.1.25623.1.0.67770 1.3.6.1.4.1.25623.1.0.902209 1.3.6.1.4.1.25623.1.0.67771 1.3.6.1.4.1.25623.1.0.67766 |
| Cross References: |
Common Vulnerability Exposure (CVE) ID: CVE-2010-1206 http://lcamtuf.blogspot.com/2010/06/yeah-about-that-address-bar-thing.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8248 http://secunia.com/advisories/40283 |