Upstream information
Description
Mozilla based browsers, including Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8, allow remote attackers to bypass the same origin policy, steal cookies, and conduct other attacks by writing a URI with a null byte to the hostname (location.hostname) DOM property, due to interactions with DNS resolver code.SUSE information
Overall state of this security issue: Resolved
This issue is currently rated as having important severity.
National Vulnerability Database | |
---|---|
Base Score | 7.5 |
Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Access Vector | Network |
Access Complexity | Low |
Authentication | None |
Confidentiality Impact | Partial |
Integrity Impact | Partial |
Availability Impact | Partial |
- SUSE-SA:2007:019, published Tue, 06 Mar 2007 18:00:00 +0000
- SUSE-SA:2007:022, published Tue, 20 Mar 2007 11:00:00 +0000
List of released packages
Product(s) | Fixed package version(s) | References |
---|---|---|
SUSE Linux Enterprise Server 11 SP1 |
| |
SUSE Linux Enterprise Server 11 SP2 |
| |
SUSE Linux Enterprise Server 11 SP3 |
| |
SUSE Linux Enterprise Server 11 SP4 |
| |
SUSE Linux Enterprise Software Development Kit 11 SP4 |
|