CVE-2014-1530

Priority
Medium
Description
The docshell implementation in Mozilla Firefox before 29.0, Firefox ESR
24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows
remote attackers to trigger the loading of a URL with a spoofed baseURI
property, and conduct cross-site scripting (XSS) attacks, via a crafted web
site that performs history navigation.
References
Assigned-to
chrisccoulson
Package
Upstream:released (24.5.0)
Ubuntu 12.04 LTS (Precise Pangolin):released (1:24.5.0+build1-0ubuntu0.12.04.1)
Ubuntu 14.04 LTS (Trusty Tahr):released (1:24.5.0+build1-0ubuntu0.14.04.1)
Package
Upstream:released (29.0)
Ubuntu 12.04 LTS (Precise Pangolin):released (29.0+build1-0ubuntu0.12.04.2)
Ubuntu 14.04 LTS (Trusty Tahr):released (29.0+build1-0ubuntu0.14.04.2)
More Information

Valid XHTML 1.0 Strict

Updated: 2015-07-29 20:42:24 UTC (commit 9756)