CVE-2010-1206

Name of the Vulnerable Software and Affected Versions Mozilla Firefox versions 3.5.x through 3.5.10 Mozilla Firefox versions 3.6.x through 3.6.6 SeaMonkey versions prior to 2.0.6

Description The issue concerns the implementation of the Same Origin Policy in certain circumstances related to the about:blank document and a document that is currently loading. This allows remote web servers to conduct spoofing attacks via vectors involving a 204 status code, and also enables remote attackers to conduct spoofing attacks via vectors involving a window.stop call.

Recommendations For Mozilla Firefox versions 3.5.x through 3.5.10, update to version 3.5.11 or later. For Mozilla Firefox versions 3.6.x through 3.6.6, update to version 3.6.7 or later. For SeaMonkey versions prior to 2.0.6, update to version 2.0.6 or later.