• 공개일 : 2010-06-26
• 변경일 : 2010-08-21

• 위험도: 4.3
• 액세스 벡터 : NETWORK
• 액세스 복잡성 : 보통
• 인증 : 없음
• 기밀성 영향 : 없음
• 무결성 영향 : 부분
• 가용성 영향 : 없음
• 출처 : http://nvd.nist.gov
• 공개일 : 2010-06-28

The startDocumentLoad function in browser/base/content/browser.js in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, does not properly implement the Same Origin Policy in certain circumstances related to the about:blank document and a document that is currently loading, which allows (1) remote web servers to conduct spoofing attacks via vectors involving a 204 (aka No Content) status code, and allows (2) remote attackers to conduct spoofing attacks via vectors involving a window.stop call.

• CONFIRM, https://bugzilla.mozilla.org/show_bug.cgi?id=556957
• CONFIRM, http://hg.mozilla.org/mozilla-central/rev/cadddabb1178
• CONFIRM, http://www.mozilla.org/security/announce/2010/mfsa2010-45.html
• SECUNIA, 40283
• MISC, http://lcamtuf.blogspot.com/2010/06/yeah-about-that-address-bar-thing.html

• mozilla seamonkey 1.1.2
• mozilla seamonkey 1.5.0.8
• mozilla firefox 3.5.2
• mozilla seamonkey 2.0.4
• mozilla seamonkey 1.5.0.9
• mozilla firefox 3.5.5
• mozilla seamonkey 1.1.6
• mozilla seamonkey 1.1.18
• mozilla seamonkey 1.5.0.10
• mozilla seamonkey 1.1.7
• mozilla seamonkey 1.0.2
• mozilla firefox 3.6.6
• mozilla seamonkey 1.1.10
• mozilla firefox 3.6.3
• mozilla firefox 3.6.2
• mozilla seamonkey 2.0
• mozilla seamonkey 1.1.3
• mozilla seamonkey 1.1.17
• mozilla seamonkey 1.1.19
• mozilla seamonkey 1.0.4
• mozilla seamonkey 2.0.5
• mozilla seamonkey 2.0
• mozilla seamonkey 2.0.1
• mozilla seamonkey 2.0
• mozilla seamonkey 1.0
• mozilla seamonkey 2.0
• mozilla seamonkey 1.0.7
• mozilla seamonkey 2.0
• mozilla firefox 3.5.7
• mozilla firefox 3.5.10
• mozilla firefox 3.6.4
• mozilla seamonkey 1.1
• mozilla seamonkey 2.0a1pre
• mozilla seamonkey 2.0
• mozilla firefox 3.5.9
• mozilla firefox 3.5.4
• mozilla firefox 3.5.6
• mozilla seamonkey 1.1.16
• mozilla seamonkey 1.0.9
• mozilla seamonkey 1.1.12
• mozilla firefox 3.5.1
• mozilla seamonkey 1.0.8
• mozilla seamonkey 1.1.11
• mozilla seamonkey 1.1.8
• mozilla seamonkey 2.0.2
• mozilla seamonkey 1.1.5
• mozilla firefox 3.6.1
• mozilla seamonkey 1.1.9
• mozilla seamonkey 1.1
• mozilla seamonkey 1.1.13
• mozilla seamonkey 2.0
• mozilla seamonkey 1.0.5
• mozilla seamonkey 1.0
• mozilla seamonkey 1.0.3
• mozilla seamonkey 1.0
• mozilla seamonkey 2.0
• mozilla seamonkey 1.1
• mozilla seamonkey 1.1.14
• mozilla seamonkey 1.1.15
• mozilla seamonkey 1.1.1
• mozilla seamonkey 2.0.3
• mozilla seamonkey 1.0.6
• mozilla seamonkey 1.0.1
• mozilla seamonkey 1.1.4
• mozilla firefox 3.5.3