Description
Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before
2.0.11, do not properly handle certain redirections involving data: URLs
and Java LiveConnect scripts, which allows remote attackers to start
processes, read arbitrary local files, and establish network connections
via vectors involving a refresh value in the http-equiv attribute of a META
element, which causes the wrong security principal to be used.
Notes
jdstrand: Ubuntu 11.04 (Natty Narwhal) has 4.0b7. Fixes will be in 4.0b8.
Package
Upstream: released (3.6.13)
Package
Upstream: needs-triage (Ubuntu source uses 3.6.x)
Package
Upstream: needs-triage (Ubuntu source uses 3.6.x)
Package
Upstream: released (2.0.11)
Updated: 2019-12-05 20:55:48 UTC (commit 0aa5e7c87c8b55d2ec5c7f4ca1179cf75de91961)