CVE-2010-0170

Priority
Medium
Description
Mozilla Firefox 3.6 before 3.6.2 does not offer plugins the expected
window.location protection mechanism, which might allow remote attackers to
bypass the Same Origin Policy and conduct cross-site scripting (XSS)
attacks via vectors that are specific to each affected plugin.
References
Bugs
Package
Upstream:released (3.6.2)
Ubuntu 8.04 LTS (Hardy Heron):not-affected
Ubuntu 10.04 LTS (Lucid Lynx):released (3.6.3+nobinonly-0ubuntu2)
More Information

Valid XHTML 1.0 Strict

Updated: 2012-06-01 15:20:36 UTC (commit 5347)