CVE-2014-1552

Priority
Medium
Description
Mozilla Firefox before 31.0 and Thunderbird before 31.0 do not properly
implement the sandbox attribute of the IFRAME element, which allows remote
attackers to bypass intended restrictions on same-origin content via a
crafted web site in conjunction with a redirect.
References
Assigned-to
chrisccoulson
Package
Upstream:released (31.0)
Ubuntu 10.04 LTS (Lucid Lynx):ignored (reached end-of-life)
Ubuntu 12.04 LTS (Precise Pangolin):released (1:31.0+build1-0ubuntu0.12.04.1)
Ubuntu 14.04 LTS (Trusty Tahr):released (1:31.0+build1-0ubuntu0.14.04.1)
Ubuntu 14.10 (Utopic Unicorn):released (1:31.0+build1-0ubuntu2)
Package
Upstream:released (31.0)
Ubuntu 10.04 LTS (Lucid Lynx):ignored (reached end-of-life)
Ubuntu 12.04 LTS (Precise Pangolin):released (31.0+build1-0ubuntu0.12.04.1)
Ubuntu 14.04 LTS (Trusty Tahr):released (31.0+build1-0ubuntu0.14.04.1)
Ubuntu 14.10 (Utopic Unicorn):released (31.0~b9+build1-0ubuntu1)
More Information

Valid XHTML 1.0 Strict

Updated: 2014-07-23 19:14:31 UTC (commit 8271)