Gecko-based browsers, including Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8, modify the .href property of stylesheet DOM nodes to the final URI of a 302 redirect, which might allow remote attackers to bypass the Same Origin Policy and read sensitive information from the original URL, such as with Single-Signon systems.
2008-02-09T01:00:00.000
2025-04-09T00:30:58.490
Deferred
CVSSv2: 4.3 (MEDIUM)
AV:N/AC:M/Au:N/C:P/I:N/A:N
8.6
2.9
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | mozilla | firefox | ≤ 2.0.0.11 | Yes |
| Application | mozilla | firefox | 0.2 | Yes |
| Application | mozilla | firefox | 0.9.2 | Yes |
| Application | mozilla | firefox | 1.0.2 | Yes |
| Application | mozilla | firefox | 1.5.0.2 | Yes |
| Application | mozilla | firefox | 1.5.0.12 | Yes |
| Application | mozilla | firefox | 1.5.2 | Yes |
| Application | mozilla | firefox | 2.0 | Yes |
| Application | mozilla | firefox | 2.0.0.1 | Yes |
| Application | mozilla | firefox | 2.0.0.10 | Yes |
| Application | mozilla | seamonkey | * | Yes |
| Application | mozilla | seamonkey | ≤ 1.1.17 | Yes |
| Application | mozilla | seamonkey | 1.0 | Yes |
| Application | mozilla | seamonkey | 1.0 | Yes |
| Application | mozilla | seamonkey | 1.0 | Yes |
| Application | mozilla | seamonkey | 1.0 | Yes |
| Application | mozilla | seamonkey | 1.0 | Yes |
| Application | mozilla | seamonkey | 1.0 | Yes |
| Application | mozilla | seamonkey | 1.0.1 | Yes |
| Application | mozilla | seamonkey | 1.0.2 | Yes |
| Application | mozilla | seamonkey | 1.0.3 | Yes |
| Application | mozilla | seamonkey | 1.0.4 | Yes |
| Application | mozilla | seamonkey | 1.0.5 | Yes |
| Application | mozilla | seamonkey | 1.0.6 | Yes |
| Application | mozilla | seamonkey | 1.0.7 | Yes |
| Application | mozilla | seamonkey | 1.0.8 | Yes |
| Application | mozilla | seamonkey | 1.0.9 | Yes |
| Application | mozilla | seamonkey | 1.0.99 | Yes |
| Application | mozilla | seamonkey | 1.1 | Yes |
| Application | mozilla | seamonkey | 1.1.1 | Yes |
| Application | mozilla | seamonkey | 1.1.2 | Yes |
| Application | mozilla | seamonkey | 1.1.10 | Yes |
| Application | mozilla | seamonkey | 1.1.11 | Yes |
| Application | mozilla | seamonkey | 1.1.12 | Yes |
| Application | mozilla | seamonkey | 1.1.13 | Yes |
| Application | mozilla | seamonkey | 1.1.14 | Yes |
| Application | mozilla | seamonkey | 1.1.15 | Yes |
| Application | mozilla | seamonkey | 1.1.16 | Yes |