Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The startDocumentLoad function in browser/base/content/browser.js in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, does not properly implement the Same Origin Policy in certain circumstances related to the about:blank document and a document that is currently loading, which allows (1) remote web servers to conduct spoofing attacks via vectors involving a 204 (aka No Content) status code, and allows (2) remote attackers to conduct spoofing attacks via vectors involving a window.stop call.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Mozilla Firefox startDocumentLoad权限许可和访问控制漏洞
Vulnerability Description
Mozilla Firefox是一款非常流行的开放源码WEB浏览器。 Mozilla Firefox 3.6.6之前版本的browser/base/content/browser.js脚本的startDocumentLoad函数在某种与空白文档和正在被加载的文件相关的环境中运行时,没有正确执行同源策略。远程web服务器可借助与204状态代码有关的向量执行欺骗攻击;远程攻击者可借助与windows.stop调用有关的向量执行欺骗攻击。
CVSS Information
N/A
Vulnerability Type
N/A