Bug 761550 (CVE-2011-4688)

Summary: CVE-2011-4688 firefox: Does not prevent capture of data about the times of Same Origin Policy violations during IFRAME loading
Product: [Other] Security Response
Reporter: Jan Lieskovsky <jlieskov>
Component: vulnerability
Assignee: Red Hat Product Security <security-response-team>
Status: CLOSED NOTABUG
Severity: low
Priority: low
Version: unspecified
CC: gecko-bugs-nobody, gecko-bugs-nobody
Target Milestone: ---
Keywords: Security
Target Release: ---
Hardware: All
OS: Linux
Doc Type: Bug Fix
Story Points: ---
Last Closed: 2015-08-22 15:48:10 UTC
Type: ---

Description Jan Lieskovsky 2011-12-08 15:25:42 UTC
Common Vulnerabilities and Exposures assigned an identifier CVE-2011-4688 to the following vulnerability:

Mozilla Firefox 8.0.1 and earlier does not prevent capture of data about the times of Same Origin Policy violations during IFRAME loading attempts, which makes it easier for remote attackers to determine whether a document exists in the browser cache via crafted JavaScript code.

References:
[1] http://lcamtuf.coredump.cx/cachetime/
[2] http://secunia.com/advisories/47090
[3] http://sip.cs.princeton.edu/pub/webtiming.pdf