Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

github логотип

GHSA-xwvm-8xx6-229v

Опубликовано: 02 мая 2022
Источник: github
Github: Не прошло ревью

Описание

Mozilla Firefox before 3.0.12 does not always use XPCCrossOriginWrapper when required during object construction, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via a crafted document, related to a "cross origin wrapper bypass."

Mozilla Firefox before 3.0.12 does not always use XPCCrossOriginWrapper when required during object construction, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via a crafted document, related to a "cross origin wrapper bypass."

Ссылки

EPSS

Процентиль: 71%
0.007
Низкий

CVE ID

CVE-2009-2472

Дефекты

CWE-79

Связанные уязвимости

ubuntu логотип

CVE-2009-2472

ubuntu
почти 16 лет назад

Mozilla Firefox before 3.0.12 does not always use XPCCrossOriginWrapper when required during object construction, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via a crafted document, related to a "cross origin wrapper bypass."

redhat логотип

CVE-2009-2472

redhat
почти 16 лет назад

Mozilla Firefox before 3.0.12 does not always use XPCCrossOriginWrapper when required during object construction, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via a crafted document, related to a "cross origin wrapper bypass."

nvd логотип

CVE-2009-2472

nvd
почти 16 лет назад

Mozilla Firefox before 3.0.12 does not always use XPCCrossOriginWrapper when required during object construction, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via a crafted document, related to a "cross origin wrapper bypass."

debian логотип

CVE-2009-2472

debian
почти 16 лет назад

Mozilla Firefox before 3.0.12 does not always use XPCCrossOriginWrappe ...

fstec логотип

BDU:2015-01739

fstec
больше 10 лет назад

Уязвимости операционной системы Debian GNU/Linux, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации

EPSS

Процентиль: 71%
0.007
Низкий

CVE ID

CVE-2009-2472

Дефекты

CWE-79