Missing subresource integrity check In firefox
Description
Mozilla Firefox before 3.6.23 and 4.x through 5, Thunderbird before 6.0, and SeaMonkey before 2.3 do not properly handle "location" as the name of a frame, which allows remote attackers to bypass the Same Origin Policy via a crafted web site, a different vulnerability than CVE-2010-0170.
Mitigation
Update Impact
Minimal update. May introduce new vulnerabilities or breaking changes.
Ecosystem | Package | Affected version | Patched versions |
|---|---|---|---|
 rpm rhel5 | 0:3.6.23-2.el5_7 | ||
rpm rhel5 | 0:1.9.2.23-1.el5_7 | ||
rpm rhel6 | 0:1.9.2.23-1.el6_1.1 | ||
rpm rhel6 | 0:3.6.23-2.el6_1 | ||
rpm rhel5 | 0:2.0.0.24-26.el5_7 | ||
rpm rhel6 | 0:3.1.15-1.el6_1 |
Aliases
1. 2. 3.