CERTA-2004-AVI-052
Vulnerability from certfr_avis - Published: - Updated:None
Description
Mozilla est un navigateur «open source».
Une vulnérabilité découverte dans ce navigateur permet, lors du délai de passage d'une page web à une autre, d'interagir avec l'ancienne page. Un utilisateur mal intentionné peut déclencher par ce biais, par exemple, un programme javascript qui s'appliquera dans le domaine de la nouvelle page, et mener une attaque de type «cross-site scripting».
Solution
Les dernières mises à jour de Mozilla (versions 1.4.2 et 1.6b) corrigent cette vulnérabilité.
Ces versions peuvent être téléchargées sur le site de Mozilla :
http://www.mozilla.org
Impacted products
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Mozilla 1.2 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Mozilla 1.4 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Mozilla 1.5 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Mozilla 1.6.",
"product": {
"name": "N/A",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Mozilla 1.3 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Description\n\nMozilla est un navigateur \u00abopen source\u00bb.\n\nUne vuln\u00e9rabilit\u00e9 d\u00e9couverte dans ce navigateur permet, lors du d\u00e9lai de\npassage d\u0027une page web \u00e0 une autre, d\u0027interagir avec l\u0027ancienne page. Un\nutilisateur mal intentionn\u00e9 peut d\u00e9clencher par ce biais, par exemple,\nun programme javascript qui s\u0027appliquera dans le domaine de la nouvelle\npage, et mener une attaque de type \u00abcross-site scripting\u00bb.\n\n## Solution\n\nLes derni\u00e8res mises \u00e0 jour de Mozilla (versions 1.4.2 et 1.6b) corrigent\ncette vuln\u00e9rabilit\u00e9.\n\nCes versions peuvent \u00eatre t\u00e9l\u00e9charg\u00e9es sur le site de Mozilla :\n\n http://www.mozilla.org\n",
"cves": [],
"links": [
{
"title": "Avis de s\u00e9curit\u00e9 de Mozilla :",
"url": "http://bugzilla.mozilla.org/show_bug.cgi?id=227417"
}
],
"reference": "CERTA-2004-AVI-052",
"revisions": [
{
"description": "version initiale ;",
"revision_date": "2004-02-27T00:00:00.000000"
},
{
"description": "correction typographique.",
"revision_date": "2004-03-01T00:00:00.000000"
}
],
"risks": [
{
"description": "Attaque de type \u00abcross site scripting\u00bb"
}
],
"summary": null,
"title": "Vuln\u00e9rabilit\u00e9 dans le navigateur Mozilla",
"vendor_advisories": [
{
"published_at": null,
"title": "Avis de s\u00e9curit\u00e9 Mozilla",
"url": null
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…