CVE-2011-4688

Firefox < 8.0.1 - Cache Timing Side-Channel via IFRAME Same Origin Policy Violation

Title source: llm
STIX 2.1

Description

Mozilla Firefox 8.0.1 and earlier does not prevent capture of data about the times of Same Origin Policy violations during IFRAME loading attempts, which makes it easier for remote attackers to determine whether a document exists in the browser cache via crafted JavaScript code.

References (3)

Core 3
Core References
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/47090
Exploit x_refsource_misc
http://lcamtuf.coredump.cx/cachetime/
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13770

Scores

EPSS 0.0192
EPSS Percentile 77.6%

Details

CWE
CWE-264
Status published
Products (2)
mozilla/firefox 8.0
mozilla/firefox < 8.0.1
Published Dec 07, 2011
Tracked Since Feb 18, 2026