CVE-2011-4688Mozilla Firefox vulnerability

CWE-2644 documents4 sources
Severity
5.0MEDIUMNVD
EPSS
0.2%
top 52.59%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Mozilla Firefox
Timeline
PublishedDec 7
Latest updateMay 17

Description

Mozilla Firefox 8.0.1 and earlier does not prevent capture of data about the times of Same Origin Policy violations during IFRAME loading attempts, which makes it easier for remote attackers to determine whether a document exists in the browser cache via crafted JavaScript code.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

NVDmozilla/firefox8.0.1+1

🔴Vulnerability Details

1
GHSA
GHSA-mp2h-wg49-xrpx: Mozilla Firefox 82022-05-17

📋Vendor Advisories

1
Red Hat
firefox: Does not prevent capture of data about the times of Same Origin Policy violations during IFRAME loading2011-12-06

💬Community

1
Bugzilla
CVE-2011-4688 firefox: Does not prevent capture of data about the times of Same Origin Policy violations during IFRAME loading2011-12-08