CVE-2010-0170
Priority
Medium
Description
Mozilla Firefox 3.6 before 3.6.2 does not offer plugins the expected
window.location protection mechanism, which might allow remote attackers to
bypass the Same Origin Policy and conduct cross-site scripting (XSS)
attacks via vectors that are specific to each affected plugin.
window.location protection mechanism, which might allow remote attackers to
bypass the Same Origin Policy and conduct cross-site scripting (XSS)
attacks via vectors that are specific to each affected plugin.
References
Package
| Upstream: | released (3.6.2) |
| Ubuntu 8.04 LTS (Hardy Heron): | not-affected |
| Ubuntu 10.04 LTS (Lucid Lynx): | released (3.6.3+nobinonly-0ubuntu2) |