~ubuntu-security/ubuntu-cve-tracker/master

PublicDateAtUSN: 2010-06-25
Candidate: CVE-2010-1206
PublicDate: 2010-06-25
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1206
 http://www.ubuntu.com/usn/usn-930-4
 http://www.ubuntu.com/usn/usn-957-1
Description:
 The startDocumentLoad function in browser/base/content/browser.js in
 Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey
 before 2.0.6, does not properly implement the Same Origin Policy in certain
 circumstances related to the about:blank document and a document that is
 currently loading, which allows (1) remote web servers to conduct spoofing
 attacks via vectors involving a 204 (aka No Content) status code, and
 allows (2) remote attackers to conduct spoofing attacks via vectors
 involving a window.stop call.
Ubuntu-Description:
Notes:
 jdstrand> CVEs in Firefox are tracked in the xulrunner source packages for
  builds that use the system xulrunner, and firefox source packages for those
  that use a static build
   xulrunner (1.8.0): firefox (1.5) - Ubuntu 6.06 LTS (system xul)
   xulrunner (1.8.1): firefox (2.0) - Ubuntu 6.10 - 8.04 LTS (system xul)
   xulrunner-1.9: (ignored) reverse dependencies no longer process web content
   xulrunner-1.9.1: (ignored) reverse dependencies no longer process web content
   xulrunner-1.9.2: system xul for reverse dependencies that process web content
   firefox: Ubuntu 6.06 LTS (static build)
   firefox: Ubuntu 10.04 LTS and higher (static build of 3.6.x or higher)
   firefox-3.0: Ubuntu 8.04 LTS, 9.04 (static build of 3.6.x)
   firefox-3.5: Ubuntu 9.04 (ignored, uses system xul 1.9.1. Use 3.0 instead)
   firefox-3.5: Ubuntu 9.10 (static build of 3.6.x)
Bugs:
 https://bugzilla.mozilla.org/show_bug.cgi?id=556957
Priority: medium
Discovered-by:
Assigned-to:

Patches_firefox:
upstream_firefox: needs-triage
dapper_firefox: ignored (reached end-of-life)
hardy_firefox: ignored (uses system xulrunner)
jaunty_firefox: DNE
karmic_firefox: DNE
lucid_firefox: released (3.6.7+build2+nobinonly-0ubuntu0.10.04.1)
devel_firefox: released (3.6.7+build2+nobinonly-0ubuntu1)

Patches_firefox-3.0:
upstream_firefox-3.0: needs-triage (Ubuntu source uses 3.6.x)
dapper_firefox-3.0: DNE
hardy_firefox-3.0: released (3.6.7+build2+nobinonly-0ubuntu0.8.04.1)
jaunty_firefox-3.0: released (3.6.7+build2+nobinonly-0ubuntu0.9.04.1)
karmic_firefox-3.0: DNE
lucid_firefox-3.0: DNE
devel_firefox-3.0: DNE

Patches_firefox-3.5:
upstream_firefox-3.5: needs-triage (Ubuntu source uses 3.6.x)
dapper_firefox-3.5: DNE
hardy_firefox-3.5: DNE
jaunty_firefox-3.5: ignored
karmic_firefox-3.5: released (3.6.7+build2+nobinonly-0ubuntu0.9.10.1)
lucid_firefox-3.5: DNE
devel_firefox-3.5: DNE


Patches_xulrunner-1.9.2:
upstream_xulrunner-1.9.2: needs-triage
dapper_xulrunner-1.9.2: DNE
hardy_xulrunner-1.9.2: released (1.9.2.7+build2+nobinonly-0ubuntu0.8.04.2)
jaunty_xulrunner-1.9.2: released (1.9.2.7+build2+nobinonly-0ubuntu0.9.04.2)
karmic_xulrunner-1.9.2: released (1.9.2.7+build2+nobinonly-0ubuntu0.9.10.2)
lucid_xulrunner-1.9.2: released (1.9.2.7+build2+nobinonly-0ubuntu0.10.04.1)
devel_xulrunner-1.9.2: released (1.9.2.7+build2+nobinonly-0ubuntu1)


Patches_seamonkey:
upstream_seamonkey: released (2.0.6)
dapper_seamonkey: DNE
hardy_seamonkey: released (2.0.8+build1+nobinonly-0ubuntu0.8.04.1)
jaunty_seamonkey: released (2.0.8+build1+nobinonly-0ubuntu0.9.04.1)
karmic_seamonkey: released (2.0.8+build1+nobinonly-0ubuntu0.9.10.1)
lucid_seamonkey: released (2.0.6+build1+nobinonly-0ubuntu0.10.04.1)
devel_seamonkey: released (2.0.6+build1+nobinonly-0ubuntu1)