QwikSec

Security Database

CVE

CWE

Training

CVE-2006-3352

Published: Jul 6, 2006

Modified: Aug 7, 2024

PUBLISHED

Description

Cross-domain vulnerability in Mozilla Firefox allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object. NOTE: this description was based on a report that has since been retracted by the original authors. The authors misinterpreted their test results. Other third parties also disputed the original report. Therefore, this is not a vulnerability. It is being assigned a candidate number to provide a clear indication of its status

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

20060630 RE: [Full-disclosure] Browser bugs hit IE, Firefox today (SANS)

mailing-list

x_refsource_BUGTRAQ

vdb-entry

x_refsource_BID

http://isc.sans.org/diary.php?storyid=1448

x_refsource_MISC

20060704 Re: Browser bugs hit IE, Firefox today (SANS)

mailing-list

x_refsource_BUGTRAQ

20060630 Browser bugs hit IE, Firefox today (SANS)

mailing-list

x_refsource_BUGTRAQ

20060630 Re: Browser bugs hit IE, Firefox today (SANS)

mailing-list

x_refsource_BUGTRAQ

20060630 ISC: Firefox immune to outerHTML flaw in MSIE [Was: Browser bugs hit IE, Firefox]

mailing-list

x_refsource_BUGTRAQ

20060630 Re: [Full-disclosure] Browser bugs hit IE, Firefox today (SANS)

mailing-list

x_refsource_BUGTRAQ

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.