NVD Vulnerability Detail

CVE-2006-3352

Summary	Cross-domain vulnerability in Mozilla Firefox allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object. NOTE: this description was based on a report that has since been retracted by the original authors. The authors misinterpreted their test results. Other third parties also disputed the original report. Therefore, this is not a vulnerability. It is being assigned a candidate number to provide a clear indication of its status
Publication Date	July 6, 2006, 10:05 a.m.
Registration Date	Jan. 29, 2021, 3:40 p.m.
Last Update	Aug. 8, 2024, 4:15 a.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:mozilla:firefox:0.8:::::::*
cpe:2.3:a:mozilla:firefox:1.5:beta2::::::
cpe:2.3:a:mozilla:firefox:1.5.2:::::::*
cpe:2.3:a:mozilla:firefox:1.5.0.3:::::::*
cpe:2.3:a:mozilla:firefox:1.0.2:::::::*
cpe:2.3:a:mozilla:firefox:1.5:beta1::::::
cpe:2.3:a:mozilla:firefox:1.5:::::::*
cpe:2.3:a:mozilla:firefox:0.9.1:::::::*
cpe:2.3:a:mozilla:firefox:1.0.4:::::::*
cpe:2.3:a:mozilla:firefox:1.0.7:::::::*
cpe:2.3:a:mozilla:firefox:0.10.1:::::::*
cpe:2.3:a:mozilla:firefox:0.9:::::::*
cpe:2.3:a:mozilla:firefox:1.0:::::::*
cpe:2.3:a:mozilla:firefox:1.0.1:::::::*
cpe:2.3:a:mozilla:firefox:1.0.6::linux:::::
cpe:2.3:a:mozilla:firefox:preview_release:::::::*
cpe:2.3:a:mozilla:firefox:1.5.0.2:::::::*
cpe:2.3:a:mozilla:firefox:1.0.3:::::::*
cpe:2.3:a:mozilla:firefox:1.5.1:::::::*
cpe:2.3:a:mozilla:firefox:0.9.3:::::::*
cpe:2.3:a:mozilla:firefox:0.9.2:::::::*
cpe:2.3:a:mozilla:firefox:0.9:rc::::::
cpe:2.3:a:mozilla:firefox:1.5.3:::::::*
cpe:2.3:a:mozilla:firefox:1.5.0.4:::::::*
cpe:2.3:a:mozilla:firefox:1.5.0.1:::::::*
cpe:2.3:a:mozilla:firefox:0.10:::::::*
cpe:2.3:a:mozilla:firefox:1.0.5:::::::*
cpe:2.3:a:mozilla:firefox:2.0:rc3::::::
cpe:2.3:a:mozilla:firefox:1.0.6:::::::*
cpe:2.3:a:mozilla:firefox:1.0.8:::::::*

Related information, measures and tools

No	URL	refsource
1	http://isc.sans.org/diary.php?storyid=1448	MISC
2	http://www.securityfocus.com/bid/18734	BID
3	http://www.securityfocus.com/archive/1/439146/100/0/threaded	BUGTRAQ
4	http://www.securityfocus.com/archive/1/438864/100/0/threaded	BUGTRAQ
5	http://www.securityfocus.com/archive/1/438863/100/0/threaded	BUGTRAQ
6	http://www.securityfocus.com/archive/1/438811/100/0/threaded	BUGTRAQ
7	http://www.securityfocus.com/archive/1/438788/100/0/threaded	BUGTRAQ
8	http://www.securityfocus.com/archive/1/438785/100/0/threaded	BUGTRAQ

Common Vulnerabilities List

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:mozilla:firefox:0.8:::::::*
cpe:2.3:a:mozilla:firefox:1.5:beta2::::::
cpe:2.3:a:mozilla:firefox:1.5.2:::::::*
cpe:2.3:a:mozilla:firefox:1.5.0.3:::::::*
cpe:2.3:a:mozilla:firefox:1.0.2:::::::*
cpe:2.3:a:mozilla:firefox:1.5:beta1::::::
cpe:2.3:a:mozilla:firefox:1.5:::::::*
cpe:2.3:a:mozilla:firefox:0.9.1:::::::*
cpe:2.3:a:mozilla:firefox:1.0.4:::::::*
cpe:2.3:a:mozilla:firefox:1.0.7:::::::*
cpe:2.3:a:mozilla:firefox:0.10.1:::::::*
cpe:2.3:a:mozilla:firefox:0.9:::::::*
cpe:2.3:a:mozilla:firefox:1.0:::::::*
cpe:2.3:a:mozilla:firefox:1.0.1:::::::*
cpe:2.3:a:mozilla:firefox:1.0.6::linux:::::
cpe:2.3:a:mozilla:firefox:preview_release:::::::*
cpe:2.3:a:mozilla:firefox:1.5.0.2:::::::*
cpe:2.3:a:mozilla:firefox:1.0.3:::::::*
cpe:2.3:a:mozilla:firefox:1.5.1:::::::*
cpe:2.3:a:mozilla:firefox:0.9.3:::::::*
cpe:2.3:a:mozilla:firefox:0.9.2:::::::*
cpe:2.3:a:mozilla:firefox:0.9:rc::::::
cpe:2.3:a:mozilla:firefox:1.5.3:::::::*
cpe:2.3:a:mozilla:firefox:1.5.0.4:::::::*
cpe:2.3:a:mozilla:firefox:1.5.0.1:::::::*
cpe:2.3:a:mozilla:firefox:0.10:::::::*
cpe:2.3:a:mozilla:firefox:1.0.5:::::::*
cpe:2.3:a:mozilla:firefox:2.0:rc3::::::
cpe:2.3:a:mozilla:firefox:1.0.6:::::::*
cpe:2.3:a:mozilla:firefox:1.0.8:::::::*