Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly support the application/octet-stream content type as a protection mechanism against execution of web script in certain circumstances involving SVG and the EMBED element, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via an embedded SVG document.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Mozilla Firefox SVG文档执行跨域脚本漏洞
Vulnerability Description
Mozilla Firefox是美国Mozilla基金会开发的一款开源Web浏览器。 Firefox SVG文档存在跨站脚本漏洞。如果通过Content-Type: application/octet-stream提供的SVG文档通过带有type="image/svg+xml"的<embed>标签嵌入到了其他的文档中,就会忽略Content-Type正常的处理SVG文档。对于允许任意二进制数据而依赖于Content-Type: application/octet-stream防范脚本执行的站点,上述方式导
CVSS Information
N/A
Vulnerability Type
N/A