CVE-2006-3352Mozilla Firefox vulnerability

4 documents3 sources
Severity
6.4MEDIUMNVD
EPSS
0.7%
top 27.23%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Mozilla Firefox
Timeline
PublishedJul 6
Latest updateMay 1

Description

Cross-domain vulnerability in Mozilla Firefox allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object. NOTE: this description was based on a report that has since been retracted by the original authors. The authors misinterpr

CVSS vector

AV:N/AC:L/C:P/I:P/A:NExploitability: 10.0 | Impact: 4.9

Affected Packages1 packages

NVDmozilla/firefox26 versions+25

🔴Vulnerability Details

1
GHSA
GHSA-qcwg-qcmw-7525: ** DISPUTED ** Cross-domain vulnerability in Mozilla Firefox allows remote attackers to access restricted information from other domains via an object2022-05-01

💬Community

1
Bugzilla
CVE-2005-3352, CVE-2006-3918 apache security issues2006-09-25