Описание
The XrayWrapper implementation in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 does not consider the compartment during property filtering, which allows remote attackers to bypass intended chrome-only restrictions on reading DOM object properties via a crafted web site.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | 18.0~b2+build1-0ubuntu1 |
| hardy | ignored | end of life |
| lucid | released | 17.0+build2-0ubuntu0.10.04.1 |
| oneiric | released | 17.0+build2-0ubuntu0.11.10.1 |
| precise | released | 17.0+build2-0ubuntu0.12.04.1 |
| quantal | released | 17.0+build2-0ubuntu0.12.10.1 |
| raring | not-affected | 18.0~b2+build1-0ubuntu1 |
| saucy | not-affected | 18.0~b2+build1-0ubuntu1 |
| upstream | needs-triage |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| hardy | ignored | end of life |
| lucid | ignored | end of life |
| oneiric | ignored | end of life |
| precise | DNE | |
| quantal | DNE | |
| raring | DNE | |
| saucy | DNE | |
| upstream | needs-triage |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | 17.0+build2-0ubuntu1 |
| hardy | ignored | end of life |
| lucid | released | 17.0+build2-0ubuntu0.10.04.1 |
| oneiric | released | 17.0+build2-0ubuntu0.11.10.1 |
| precise | released | 17.0+build2-0ubuntu0.12.04.1 |
| quantal | released | 17.0+build2-0ubuntu0.12.10.1 |
| raring | not-affected | 17.0+build2-0ubuntu1 |
| saucy | not-affected | 17.0+build2-0ubuntu1 |
| upstream | needs-triage |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| hardy | ignored | end of life |
| lucid | ignored | end of life |
| oneiric | DNE | |
| precise | DNE | |
| quantal | DNE | |
| raring | DNE | |
| saucy | DNE | |
| upstream | needs-triage |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| hardy | DNE | |
| lucid | DNE | |
| oneiric | DNE | |
| precise | DNE | |
| quantal | DNE | |
| raring | DNE | |
| saucy | DNE | |
| upstream | needs-triage |
Показывать по
EPSS
4.3 Medium
CVSS2
Связанные уязвимости
The XrayWrapper implementation in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 does not consider the compartment during property filtering, which allows remote attackers to bypass intended chrome-only restrictions on reading DOM object properties via a crafted web site.
The XrayWrapper implementation in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 does not consider the compartment during property filtering, which allows remote attackers to bypass intended chrome-only restrictions on reading DOM object properties via a crafted web site.
The XrayWrapper implementation in Mozilla Firefox before 17.0, Thunder ...
The XrayWrapper implementation in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 does not consider the compartment during property filtering, which allows remote attackers to bypass intended chrome-only restrictions on reading DOM object properties via a crafted web site.
EPSS
4.3 Medium
CVSS2