CVE-2011-4688
Firefox < 8.0.1 - Cache Timing Side-Channel via IFRAME Same Origin Policy Violation
Title source: llmDescription
Mozilla Firefox 8.0.1 and earlier does not prevent capture of data about the times of Same Origin Policy violations during IFRAME loading attempts, which makes it easier for remote attackers to determine whether a document exists in the browser cache via crafted JavaScript code.
References (3)
Core 3
Core References
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/47090
Exploit x_refsource_misc
http://lcamtuf.coredump.cx/cachetime/
Third Party Advisory, VDB Entry vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13770
Scores
EPSS
0.0192
EPSS Percentile
77.6%
Details
CWE
CWE-264
Status
published
Products (2)
mozilla/firefox
8.0
mozilla/firefox
< 8.0.1
Published
Dec 07, 2011
Tracked Since
Feb 18, 2026