Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2010-2763

Опубликовано: 09 сент. 2010
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS2: 4.3

Описание

The XPCSafeJSObjectWrapper class in the SafeJSObjectWrapper (aka SJOW) implementation in Mozilla Firefox before 3.5.12, Thunderbird before 3.0.7, and SeaMonkey before 2.0.7 does not properly restrict scripted functions, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via a crafted function.

РелизСтатусПримечание
dapper

DNE

devel

DNE

hardy

DNE

jaunty

released

3.5.12+build1+nobinonly-0ubuntu0.9.04.1
karmic

not-affected

lucid

DNE

upstream

needs-triage

Ubuntu source uses 3.6.x

Показывать по

РелизСтатусПримечание
dapper

DNE

devel

released

2.0.7+build1+nobinonly-0ubuntu1
hardy

released

2.0.8+build1+nobinonly-0ubuntu0.8.04.1
jaunty

released

2.0.8+build1+nobinonly-0ubuntu0.9.04.1
karmic

released

2.0.8+build1+nobinonly-0ubuntu0.9.10.1
lucid

released

2.0.7+build1+nobinonly-0ubuntu0.10.04.1
upstream

released

2.0.7

Показывать по

РелизСтатусПримечание
dapper

DNE

devel

not-affected

hardy

ignored

end of life
jaunty

ignored

end of life
karmic

ignored

end of life
lucid

released

3.0.7+build1+nobinonly-0ubuntu0.10.04.1
upstream

released

3.0.7, 3.1.3

Показывать по

Ссылки на источники

EPSS

Процентиль: 67%
0.00528
Низкий

4.3 Medium

CVSS2

Связанные уязвимости

nvd логотип

CVE-2010-2763

nvd
больше 15 лет назад

The XPCSafeJSObjectWrapper class in the SafeJSObjectWrapper (aka SJOW) implementation in Mozilla Firefox before 3.5.12, Thunderbird before 3.0.7, and SeaMonkey before 2.0.7 does not properly restrict scripted functions, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via a crafted function.

debian логотип

CVE-2010-2763

debian
больше 15 лет назад

The XPCSafeJSObjectWrapper class in the SafeJSObjectWrapper (aka SJOW) ...

github логотип

GHSA-39cx-g389-rw9j

github
больше 3 лет назад

The XPCSafeJSObjectWrapper class in the SafeJSObjectWrapper (aka SJOW) implementation in Mozilla Firefox before 3.5.12, Thunderbird before 3.0.7, and SeaMonkey before 2.0.7 does not properly restrict scripted functions, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via a crafted function.

EPSS

Процентиль: 67%
0.00528
Низкий

4.3 Medium

CVSS2