Описание
Mozilla Firefox 3.6.x before 3.6.7 and Thunderbird 3.1.x before 3.1.1 do not properly implement access to a content object through a SafeJSObjectWrapper (aka SJOW) wrapper, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges by leveraging "access to an object from the chrome scope."
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | ignored | end of life |
| devel | released | 3.6.7+build2+nobinonly-0ubuntu1 |
| hardy | ignored | end of life |
| jaunty | DNE | |
| karmic | DNE | |
| lucid | released | 3.6.7+build2+nobinonly-0ubuntu0.10.04.1 |
| upstream | needs-triage |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | DNE | |
| devel | DNE | |
| hardy | released | 3.6.7+build2+nobinonly-0ubuntu0.8.04.1 |
| jaunty | released | 3.6.7+build2+nobinonly-0ubuntu0.9.04.1 |
| karmic | DNE | |
| lucid | DNE | |
| upstream | needs-triage | Ubuntu source uses 3.6.x |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | DNE | |
| devel | DNE | |
| hardy | DNE | |
| jaunty | ignored | |
| karmic | released | 3.6.7+build2+nobinonly-0ubuntu0.9.10.1 |
| lucid | DNE | |
| upstream | needs-triage | Ubuntu source uses 3.6.x |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | DNE | |
| devel | released | 1.9.2.7+build2+nobinonly-0ubuntu1 |
| hardy | released | 1.9.2.7+build2+nobinonly-0ubuntu0.8.04.2 |
| jaunty | released | 1.9.2.7+build2+nobinonly-0ubuntu0.9.04.2 |
| karmic | released | 1.9.2.7+build2+nobinonly-0ubuntu0.9.10.2 |
| lucid | released | 1.9.2.7+build2+nobinonly-0ubuntu0.10.04.1 |
| upstream | needs-triage |
Показывать по
EPSS
6.8 Medium
CVSS2
Связанные уязвимости
Mozilla Firefox 3.6.x before 3.6.7 and Thunderbird 3.1.x before 3.1.1 do not properly implement access to a content object through a SafeJSObjectWrapper (aka SJOW) wrapper, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges by leveraging "access to an object from the chrome scope."
Mozilla Firefox 3.6.x before 3.6.7 and Thunderbird 3.1.x before 3.1.1 do not properly implement access to a content object through a SafeJSObjectWrapper (aka SJOW) wrapper, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges by leveraging "access to an object from the chrome scope."
Mozilla Firefox 3.6.x before 3.6.7 and Thunderbird 3.1.x before 3.1.1 ...
Mozilla Firefox 3.6.x before 3.6.7 and Thunderbird 3.1.x before 3.1.1 do not properly implement access to a content object through a SafeJSObjectWrapper (aka SJOW) wrapper, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges by leveraging "access to an object from the chrome scope."
EPSS
6.8 Medium
CVSS2