N/A

Cross-domain vulnerability in Mozilla Firefox allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object. NOTE: this description was based on a report that has since been retracted by the original authors. The authors misinterpreted their test results. Other third parties also disputed the original report. Therefore, this is not a vulnerability. It is being assigned a candidate number to provide a clear indication of its status

N/A

N/A

作废: Mozilla Firefox OuterHTML重定向处理信息泄露漏洞

** 有争议 ** Mozilla Firefox存在跨域漏洞。 远程攻击者可以借助带data参数的对象标签从其他域访问受限的信息。 该参数引用攻击者的起源站点上的一个链接，该链接指定引用目标站点的位置HTTP标头，然后通过对象的outerHTML属性使内容可用。 注: 本说明基于原作者已经撤销的报告。 作者对他们的实验结果作出了错误的解释。其他第三方也对原报告提出了反驳。因此，这不是漏洞。对其指定漏洞编号的目的是为了清楚地表明漏洞状况。

N/A

N/A