{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-06-30T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "Cross-domain vulnerability in Mozilla Firefox allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object. NOTE: this description was based on a report that has since been retracted by the original authors. The authors misinterpreted their test results. Other third parties also disputed the original report. Therefore, this is not a vulnerability. It is being assigned a candidate number to provide a clear indication of its status"}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-18T14:57:01.000Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "20060630 RE: [Full-disclosure] Browser bugs hit IE, Firefox today (SANS)", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/438863/100/0/threaded"}, {"name": "18734", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/18734"}, {"tags": ["x_refsource_MISC"], "url": "http://isc.sans.org/diary.php?storyid=1448"}, {"name": "20060704 Re: Browser bugs hit IE, Firefox today (SANS)", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/439146/100/0/threaded"}, {"name": "20060630 Browser bugs hit IE, Firefox today (SANS)", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/438785/100/0/threaded"}, {"name": "20060630 Re: Browser bugs hit IE, Firefox today (SANS)", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/438864/100/0/threaded"}, {"name": "20060630 ISC: Firefox immune to outerHTML flaw in MSIE [Was: Browser bugs hit IE, Firefox]", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/438811/100/0/threaded"}, {"name": "20060630 Re: [Full-disclosure] Browser bugs hit IE, Firefox today (SANS)", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/438788/100/0/threaded"}], "tags": ["disputed"], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-3352", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "** DISPUTED ** Cross-domain vulnerability in Mozilla Firefox allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object. NOTE: this description was based on a report that has since been retracted by the original authors. The authors misinterpreted their test results. Other third parties also disputed the original report. Therefore, this is not a vulnerability. It is being assigned a candidate number to provide a clear indication of its status."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20060630 RE: [Full-disclosure] Browser bugs hit IE, Firefox today (SANS)", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/438863/100/0/threaded"}, {"name": "18734", "refsource": "BID", "url": "http://www.securityfocus.com/bid/18734"}, {"name": "http://isc.sans.org/diary.php?storyid=1448", "refsource": "MISC", "url": "http://isc.sans.org/diary.php?storyid=1448"}, {"name": "20060704 Re: Browser bugs hit IE, Firefox today (SANS)", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/439146/100/0/threaded"}, {"name": "20060630 Browser bugs hit IE, Firefox today (SANS)", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/438785/100/0/threaded"}, {"name": "20060630 Re: Browser bugs hit IE, Firefox today (SANS)", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/438864/100/0/threaded"}, {"name": "20060630 ISC: Firefox immune to outerHTML flaw in MSIE [Was: Browser bugs hit IE, Firefox]", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/438811/100/0/threaded"}, {"name": "20060630 Re: [Full-disclosure] Browser bugs hit IE, Firefox today (SANS)", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/438788/100/0/threaded"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T18:23:21.211Z"}, "title": "CVE Program Container", "references": [{"name": "20060630 RE: [Full-disclosure] Browser bugs hit IE, Firefox today (SANS)", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/438863/100/0/threaded"}, {"name": "18734", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/18734"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://isc.sans.org/diary.php?storyid=1448"}, {"name": "20060704 Re: Browser bugs hit IE, Firefox today (SANS)", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/439146/100/0/threaded"}, {"name": "20060630 Browser bugs hit IE, Firefox today (SANS)", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/438785/100/0/threaded"}, {"name": "20060630 Re: Browser bugs hit IE, Firefox today (SANS)", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/438864/100/0/threaded"}, {"name": "20060630 ISC: Firefox immune to outerHTML flaw in MSIE [Was: Browser bugs hit IE, Firefox]", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/438811/100/0/threaded"}, {"name": "20060630 Re: [Full-disclosure] Browser bugs hit IE, Firefox today (SANS)", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/438788/100/0/threaded"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-3352", "datePublished": "2006-07-06T01:00:00.000Z", "dateReserved": "2006-07-05T00:00:00.000Z", "dateUpdated": "2024-08-07T18:23:21.211Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:*", "matchCriteriaId": "93C142C5-3A85-432B-80D6-2E7B1B4694F4", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox:0.9:*:*:*:*:*:*:*", "matchCriteriaId": "2434FCE7-A50B-4527-9970-C7224B31141C", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox:0.9:rc:*:*:*:*:*:*", "matchCriteriaId": "5633FB6E-D623-49D4-9858-4E20E64DE458", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "429ECA02-DBCD-45FB-942C-CA4BC1BC8A72", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*", "matchCriteriaId": "B5F0DC80-5473-465C-9D7F-9589F1B78E12", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*", "matchCriteriaId": "567FF916-7DE0-403C-8528-7931A43E0D18", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox:0.10:*:*:*:*:*:*:*", "matchCriteriaId": "010B34F4-910E-4515-990B-8E72DF009578", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox:0.10.1:*:*:*:*:*:*:*", "matchCriteriaId": "8FAA1A89-E8D9-46D0-8E2C-9259920ACBFE", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "5A545A77-2198-4685-A87F-E0F2DAECECF6", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "778FAE0C-A5CF-4B67-93A9-1A803E3E699F", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "E7447185-7509-449D-8907-F30A42CF7EB5", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "0EDBAC37-9D08-44D1-B279-BC6ACF126CAF", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox:1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "3FFF89FA-2020-43CC-BACD-D66117B3DD26", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox:1.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "834BB391-5EB5-43A8-980A-D305EDAE6FA7", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox:1.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "9A38AD88-BAA6-4FBE-885B-69E951BD1EFE", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox:1.0.6:*:linux:*:*:*:*:*", "matchCriteriaId": "659F5DAF-D54F-43FB-AB2A-3FC7D456B434", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox:1.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "B500EE6C-99DB-49A3-A1F1-AFFD7FE28068", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox:1.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "4F2938F2-A801-45E5-8E06-BE03DE03C8A7", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox:1.5:*:*:*:*:*:*:*", "matchCriteriaId": "ABB88E86-6E83-4A59-9266-8B98AA91774D", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox:1.5:beta1:*:*:*:*:*:*", "matchCriteriaId": "E19ED1CA-DEBD-4786-BA7B-C122C7D2E5B7", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox:1.5:beta2:*:*:*:*:*:*", "matchCriteriaId": "66BE50FE-EA21-4633-A181-CD35196DF06E", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox:1.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "7D6BF5B1-86D1-47FE-9D9C-735718F94874", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox:1.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "84D15CE0-69DF-4EFD-801E-96A4D6AABEDB", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox:1.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "CEE203DE-6C0E-4FDE-9C3A-0E73430F17DA", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox:1.5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "F2F38886-C25A-4C6B-93E7-36461405BA99", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox:1.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "BCB35099-B04E-4796-A25D-953329FE62F3", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox:1.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "5DBEBCFD-80D6-466A-BAEF-C75E65A3B12E", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox:1.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "C30ACBCA-4FA1-46DE-8F15-4830BC27E160", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox:2.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "B05D2655-6641-42BE-9793-30005AC9D40D", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox:preview_release:*:*:*:*:*:*:*", "matchCriteriaId": "CFDBA992-46F8-42A6-9428-C9E475CA69E3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [{"sourceIdentifier": "cve@mitre.org", "tags": ["disputed"]}], "descriptions": [{"lang": "en", "value": "Cross-domain vulnerability in Mozilla Firefox allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object. NOTE: this description was based on a report that has since been retracted by the original authors. The authors misinterpreted their test results. Other third parties also disputed the original report. Therefore, this is not a vulnerability. It is being assigned a candidate number to provide a clear indication of its status"}, {"lang": "es", "value": "** CUESTIONADA ** Vulnerabilidad de dominios cruzados en el navegador web Mozilla Firefox que permite a usuarios remotos acceder a informaci\u00f3n confidencial de otros dominios a trav\u00e9s de una \"object tag\" (etiqueta de objeto) con un par\u00e1metro de datos (\"parameter data\") que hace referencia a un enlace al sitio web origen del ataque que especifica una cabecera con una localizaci\u00f3n HTTP que hace referencia al sitio objetivo, lo que hace el contenido accesible a trav\u00e9s del atributo outerHTML del objeto. NOTA: esta descripci\u00f3n esta basada en un informe que ha sido revisado e impugnado por sus autores originales. Los autores malinterpretaron sus resulados. Terceras partes tambi\u00e9n han discutido sobre la correcci\u00f3n del informe original. Por lo tanto, esta descripci\u00f3n no es de una vulnerabilidad. Ha sido incluida y se le ha asignado un identificador de CVE para proporcionar informaci\u00f3n clara."}], "id": "CVE-2006-3352", "lastModified": "2026-04-16T00:27:16.627", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2006-07-06T01:05:00.000", "references": [{"source": "cve@mitre.org", "url": "http://isc.sans.org/diary.php?storyid=1448"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/438785/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/438788/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/438811/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/438863/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/438864/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/439146/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/18734"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://isc.sans.org/diary.php?storyid=1448"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/438785/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/438788/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/438811/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/438863/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/438864/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/439146/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/18734"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}