CVE-2011-4688

Publication date 7 December 2011

Last updated 24 July 2024

Description

Mozilla Firefox 8.0.1 and earlier does not prevent capture of data about the times of Same Origin Policy violations during IFRAME loading attempts, which makes it easier for remote attackers to determine whether a document exists in the browser cache via crafted JavaScript code.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
firefox	13.04 raring	Ignored
	12.10 quantal	Ignored
	12.04 LTS precise	Ignored
	11.10 oneiric	Ignored
	11.04 natty	Ignored
	10.10 maverick	Ignored end of life
	10.04 LTS lucid	Ignored end of life
	8.04 LTS hardy	Ignored end of life

How can I get the fixes?
What do statuses mean?

Notes

jdstrand

upstream hasn't fixed this as of 2012-12-11

mdeslaur

upstream isn't fixing this, marking as ignored

References

MITRE
NVD
Launchpad
Debian

Other references

https://www.cve.org/CVERecord?id=CVE-2011-4688