Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The session-restore feature in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 does not consider the Content Security Policy of a data: URL, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted document that is accessed after a browser restart.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Mozilla Firefox和SeaMonkey 安全漏洞
Vulnerability Description
Mozilla Firefox和SeaMonkey都是由美国Mozilla基金会开发。Firefox是一款开源Web浏览器。SeaMonkey是一套免费、开源以及跨平台的网络套装软件。 Mozilla Firefox 27.0.1及之前的版本和SeaMonkey 2.25.beta2及之前的版本中的session-restore功能存在安全漏洞,该漏洞源于程序没有考虑data: URL的内容安全策略(Content Security Policy)。远程攻击者可借助特制的文档利用该漏洞实施跨站脚本攻击。
CVSS Information
N/A
Vulnerability Type
N/A