Candidate: CVE-2010-0170
PublicDate: 2010-03-25 21:00:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0170
 http://www.mozilla.org/security/announce/2010/mfsa2010-10.html
Description:
 Mozilla Firefox 3.6 before 3.6.2 does not offer plugins the expected
 window.location protection mechanism, which might allow remote attackers to
 bypass the Same Origin Policy and conduct cross-site scripting (XSS)
 attacks via vectors that are specific to each affected plugin.
Ubuntu-Description:
Notes:
Bugs:
 https://bugzilla.mozilla.org/show_bug.cgi?id=541530
Priority: medium
Discovered-by:
Assigned-to:
CVSS: 

Patches_firefox:
upstream_firefox: released (3.6.2)
dapper_firefox: ignored (reached end-of-life)
hardy_firefox: not-affected
intrepid_firefox: DNE
jaunty_firefox: DNE
karmic_firefox: DNE
devel_firefox: released (3.6.3+nobinonly-0ubuntu2)