CVE-2010-1206 — Mozilla Seamonkey vulnerability
Severity
4.3MEDIUMNVD
EPSS
0.5%
top 35.85%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedJun 25
Latest updateMay 17
Description
The startDocumentLoad function in browser/base/content/browser.js in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, does not properly implement the Same Origin Policy in certain circumstances related to the about:blank document and a document that is currently loading, which allows (1) remote web servers to conduct spoofing attacks via vectors involving a 204 (aka No Content) status code, and allows (2) remote attackers to conduct spoofing attacks via vec…
CVSS vector
AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9
Affected Packages3 packages
Patches
🔴Vulnerability Details
6GHSA▶
GHSA-5xrr-g352-hq7j: Apple Safari does not properly manage the address bar between the request to open a URL and the retrieval of the new document's content, which might a↗2022-05-17
GHSA▶
GHSA-rvcf-j2hj-x49c: Opera does not properly manage the address bar between the request to open a URL and the retrieval of the new document's content, which might allow re↗2022-05-14
CVEList▶
CVE-2010-2454: Apple Safari does not properly manage the address bar between the request to open a URL and the retrieval of the new document's content, which might a↗2010-06-25
📋Vendor Advisories
5💬Community
1Bugzilla▶
CVE-2010-1206 Firefox: Spoofing attacks via vectors involving 'No Content' status code or via a windows.stop call↗2010-06-28