VYPR
← All advisories
Unrated severityNVD Advisory· Published Jul 6, 2006· Updated Jun 16, 2026

CVE-2006-3352

CVE-2006-3352

Description

Cross-domain vulnerability in Mozilla Firefox allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object. NOTE: this description was based on a report that has since been retracted by the original authors. The authors misinterpreted their test results. Other third parties also disputed the original report. Therefore, this is not a vulnerability. It is being assigned a candidate number to provide a clear indication of its status

Affected products

31
  • Mozilla Corporation/Firefox31 versions
    cpe:2.3:a:mozilla:firefox:0.10:*:*:*:*:*:*:*+ 30 more
    • cpe:2.3:a:mozilla:firefox:0.10:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:0.10.1:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:0.9:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:0.9:rc:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:1.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:1.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:1.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:1.0.4:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:1.0.5:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:1.0.6:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:1.0.6:*:linux:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:1.0.7:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:1.0.8:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:1.5:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:1.5.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:1.5.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:1.5.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:1.5.0.4:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:1.5.1:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:1.5.2:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:1.5.3:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:1.5:beta1:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:1.5:beta2:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:2.0:rc3:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:preview_release:*:*:*:*:*:*:*
    • (no CPE)

Patches

Vulnerability mechanics

References

8

News mentions

0

No linked articles in our index yet.