Описание
Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to execute arbitrary JavaScript with chrome privileges by leveraging a reference to a chrome window from a content window, related to the window.opener property.
Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to execute arbitrary JavaScript with chrome privileges by leveraging a reference to a chrome window from a content window, related to the window.opener property.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2009-3986
- https://bugzilla.mozilla.org/show_bug.cgi?id=522430
- https://bugzilla.redhat.com/show_bug.cgi?id=546724
- https://exchange.xforce.ibmcloud.com/vulnerabilities/54803
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11568
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8489
- https://rhn.redhat.com/errata/RHSA-2009-1674.html
- https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00995.html
- https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01034.html
- https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01041.html
- http://secunia.com/advisories/37699
- http://secunia.com/advisories/37704
- http://secunia.com/advisories/37785
- http://secunia.com/advisories/37813
- http://secunia.com/advisories/37856
- http://secunia.com/advisories/37881
- http://securitytracker.com/id?1023344
- http://securitytracker.com/id?1023345
- http://www.debian.org/security/2009/dsa-1956
- http://www.mozilla.org/security/announce/2009/mfsa2009-70.html
- http://www.novell.com/linux/security/advisories/2009_63_firefox.html
- http://www.securityfocus.com/bid/37349
- http://www.securityfocus.com/bid/37365
- http://www.ubuntu.com/usn/USN-873-1
- http://www.ubuntu.com/usn/USN-874-1
- http://www.vupen.com/english/advisories/2009/3547
Связанные уязвимости
Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to execute arbitrary JavaScript with chrome privileges by leveraging a reference to a chrome window from a content window, related to the window.opener property.
Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to execute arbitrary JavaScript with chrome privileges by leveraging a reference to a chrome window from a content window, related to the window.opener property.
Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to execute arbitrary JavaScript with chrome privileges by leveraging a reference to a chrome window from a content window, related to the window.opener property.
Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey be ...
