Lucene search

K

Veracode Vulnerability DatabaseVERACODE:23028

HistoryApr 10, 2020 - 12:12 a.m.

Same-Origin Policy Bypass

2020-04-1000:12:53

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

18

EPSS

0.97

Percentile

99.8%

thunderbird is vulnerable to same-origin policy bypass. A flaw was found in the way Thunderbird handled the “location.hostname” value during certain browser domain checks. This flaw could allow a malicious HTML mail message to set domain cookies for an arbitrary site, or possibly perform an XSS attack.

References

fedoranews.org/cms/node/2713

fedoranews.org/cms/node/2728

ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc

ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc

ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc

ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc

h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742

lcamtuf.dione.cc/ffhostname.html

lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html

rhn.redhat.com/errata/RHSA-2007-0077.html

secunia.com/advisories/24175

secunia.com/advisories/24205

secunia.com/advisories/24238

secunia.com/advisories/24287

secunia.com/advisories/24290

secunia.com/advisories/24293

secunia.com/advisories/24320

secunia.com/advisories/24328

secunia.com/advisories/24333

secunia.com/advisories/24342

secunia.com/advisories/24343

secunia.com/advisories/24384

secunia.com/advisories/24393

secunia.com/advisories/24395

secunia.com/advisories/24437

secunia.com/advisories/24455

secunia.com/advisories/24457

secunia.com/advisories/24650

secunia.com/advisories/25588

security.gentoo.org/glsa/glsa-200703-04.xml

securityreason.com/securityalert/2262

securitytracker.com/id?1017654

slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.338131

slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.374851

www.debian.org/security/2007/dsa-1336

www.gentoo.org/security/en/glsa/glsa-200703-08.xml

www.kb.cert.org/vuls/id/885753

www.mandriva.com/security/advisories?name=MDKSA-2007:050

www.mozilla.org/security/announce/2007/mfsa2007-07.html

www.novell.com/linux/security/advisories/2007_22_mozilla.html

www.osvdb.org/32104

www.redhat.com/security/updates/classification/#critical

www.redhat.com/support/errata/RHSA-2007-0078.html

www.redhat.com/support/errata/RHSA-2007-0079.html

www.redhat.com/support/errata/RHSA-2007-0097.html

www.redhat.com/support/errata/RHSA-2007-0108.html

www.securityfocus.com/archive/1/460126/100/200/threaded

www.securityfocus.com/archive/1/460217/100/0/threaded

www.securityfocus.com/archive/1/461336/100/0/threaded

www.securityfocus.com/archive/1/461809/100/0/threaded

www.securityfocus.com/bid/22566

www.ubuntu.com/usn/usn-428-1

www.vupen.com/english/advisories/2007/0624

www.vupen.com/english/advisories/2007/0718

www.vupen.com/english/advisories/2008/0083

access.redhat.com/errata/RHSA-2007:0108

bugzilla.mozilla.org/show_bug.cgi?id=370445

exchange.xforce.ibmcloud.com/vulnerabilities/32533

issues.rpath.com/browse/RPL-1081

issues.rpath.com/browse/RPL-1103

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9730

EPSS

0.97

Percentile

99.8%

Related for VERACODE:23028

seebug3 cvelist1 cert1 mozilla1 securityvulns2 cve1 checkpoint_advisories1 exploitpack1 prion1 ubuntucve1 nvd1 exploitdb1 zdt1 osv1 openvas20 nessus30 debian1 gentoo2 freebsd1 redhat5 ubuntu2 centos5 oraclelinux3 suse2