CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS
Percentile
99.8%
Mozilla based browsers, including Firefox before 1.5.0.10 and 2.x before
2.0.0.2, and SeaMonkey before 1.0.8, allow remote attackers to bypass the
same origin policy, steal cookies, and conduct other attacks by writing a
URI with a null byte to the hostname (location.hostname) DOM property, due
to interactions with DNS resolver code.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 6.06 | noarch | firefox | < 1.5.dfsg+1.5.0.13~prepatch070731-0ubuntu1 | UNKNOWN |
ubuntu | 6.10 | noarch | firefox | < 2.0.0.6+0dfsg-0ubuntu0.6.10 | UNKNOWN |
ubuntu | 7.04 | noarch | firefox | < 2.0.0.6+1-0ubuntu1 | UNKNOWN |
ubuntu | 7.10 | noarch | iceape | < 1.1.4-1ubuntu2 | UNKNOWN |
ubuntu | 7.10 | noarch | lightning-sunbird | < 0.5-0ubuntu4 | UNKNOWN |
ubuntu | 7.10 | noarch | midbrowser | < 0.1.6b-0ubuntu2 | UNKNOWN |
ubuntu | 7.04 | noarch | xulrunner | < 1.8.0.10-3ubuntu1 | UNKNOWN |
ubuntu | 7.10 | noarch | xulrunner | < 1.8.0.10-3ubuntu1 | UNKNOWN |