Описание
The XrayWrapper implementation in Mozilla Firefox before 23.0 and SeaMonkey before 2.20 does not properly address the possibility of an XBL scope bypass resulting from non-native arguments in XBL function calls, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks by leveraging access to an unprivileged object.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | released | 23.0+build2-0ubuntu1 |
| lucid | ignored | end of life |
| precise | released | 23.0+build2-0ubuntu0.12.04.1 |
| quantal | released | 23.0+build2-0ubuntu0.12.10.1 |
| raring | released | 23.0+build2-0ubuntu0.13.04.1 |
| upstream | released | 23.0 |
Показывать по
4.3 Medium
CVSS2
Связанные уязвимости
The XrayWrapper implementation in Mozilla Firefox before 23.0 and SeaMonkey before 2.20 does not properly address the possibility of an XBL scope bypass resulting from non-native arguments in XBL function calls, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks by leveraging access to an unprivileged object.
The XrayWrapper implementation in Mozilla Firefox before 23.0 and SeaMonkey before 2.20 does not properly address the possibility of an XBL scope bypass resulting from non-native arguments in XBL function calls, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks by leveraging access to an unprivileged object.
The XrayWrapper implementation in Mozilla Firefox before 23.0 and SeaM ...
The XrayWrapper implementation in Mozilla Firefox before 23.0 and SeaMonkey before 2.20 does not properly address the possibility of an XBL scope bypass resulting from non-native arguments in XBL function calls, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks by leveraging access to an unprivileged object.
4.3 Medium
CVSS2