Описание
Cross-domain vulnerability in js/src/jsobj.cpp in Mozilla Firefox 3.x before 3.0.6 allows remote attackers to bypass the Same Origin Policy, and access the properties of an arbitrary window and conduct cross-site scripting (XSS) attacks, via vectors involving a chrome XBL method and the window.eval function.
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | not-affected | |
| devel | DNE | |
| gutsy | not-affected | |
| hardy | not-affected | |
| intrepid | DNE | |
| upstream | not-affected |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | DNE | |
| devel | released | 3.0.6+nobinonly-0ubuntu1 |
| gutsy | ignored | end of life, was needed |
| hardy | released | 3.0.6+nobinonly-0ubuntu0.8.04.1 |
| intrepid | released | 3.0.6+nobinonly-0ubuntu0.8.10.1 |
| upstream | released | 3.0.6 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | DNE | |
| devel | DNE | |
| gutsy | not-affected | |
| hardy | DNE | |
| intrepid | DNE | |
| upstream | not-affected |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | DNE | |
| devel | DNE | |
| gutsy | DNE | |
| hardy | DNE | |
| intrepid | DNE | |
| upstream | needs-triage |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | DNE | |
| devel | not-affected | |
| gutsy | DNE | |
| hardy | not-affected | |
| intrepid | not-affected | |
| upstream | not-affected |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | DNE | |
| devel | not-affected | |
| gutsy | not-affected | |
| hardy | not-affected | |
| intrepid | not-affected | |
| upstream | not-affected |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | DNE | |
| devel | released | 1.9.0.6+nobinonly-0ubuntu1 |
| gutsy | ignored | end of life, was needed |
| hardy | released | 1.9.0.6+nobinonly-0ubuntu0.8.04.1 |
| intrepid | released | 1.9.0.6+nobinonly-0ubuntu0.8.10.1 |
| upstream | released | 1.9.0.6 |
Показывать по
2.6 Low
CVSS2
Связанные уязвимости
Cross-domain vulnerability in js/src/jsobj.cpp in Mozilla Firefox 3.x before 3.0.6 allows remote attackers to bypass the Same Origin Policy, and access the properties of an arbitrary window and conduct cross-site scripting (XSS) attacks, via vectors involving a chrome XBL method and the window.eval function.
Cross-domain vulnerability in js/src/jsobj.cpp in Mozilla Firefox 3.x before 3.0.6 allows remote attackers to bypass the Same Origin Policy, and access the properties of an arbitrary window and conduct cross-site scripting (XSS) attacks, via vectors involving a chrome XBL method and the window.eval function.
Cross-domain vulnerability in js/src/jsobj.cpp in Mozilla Firefox 3.x ...
Cross-domain vulnerability in js/src/jsobj.cpp in Mozilla Firefox 3.x before 3.0.6 allows remote attackers to bypass the Same Origin Policy, and access the properties of an arbitrary window and conduct cross-site scripting (XSS) attacks, via vectors involving a chrome XBL method and the window.eval function.
2.6 Low
CVSS2