Описание
The Web Notification API in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to bypass intended source-component restrictions and execute arbitrary JavaScript code in a privileged context via a crafted web page for which Notification.permission is granted.
Релиз | Статус | Примечание |
---|---|---|
devel | not-affected | 29.0+build1-0ubuntu0.14.04.2 |
esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was released [29.0+build1-0ubuntu0.14.04.2]] |
lucid | ignored | end of life |
precise | released | 29.0+build1-0ubuntu0.12.04.2 |
quantal | released | 29.0+build1-0ubuntu0.12.10.3 |
saucy | released | 29.0+build1-0ubuntu0.13.10.3 |
trusty | released | 29.0+build1-0ubuntu0.14.04.2 |
trusty/esm | DNE | trusty was released [29.0+build1-0ubuntu0.14.04.2] |
upstream | released | 29.0 |
Показывать по
Релиз | Статус | Примечание |
---|---|---|
devel | not-affected | |
esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was released [1:24.5.0+build1-0ubuntu0.14.04.1]] |
lucid | ignored | end of life |
precise | released | 1:24.5.0+build1-0ubuntu0.12.04.1 |
quantal | released | 1:24.5.0+build1-0ubuntu0.12.10.1 |
saucy | released | 1:24.5.0+build1-0ubuntu0.13.10.1 |
trusty | released | 1:24.5.0+build1-0ubuntu0.14.04.1 |
trusty/esm | DNE | trusty was released [1:24.5.0+build1-0ubuntu0.14.04.1] |
upstream | released | 24.5.0 |
Показывать по
EPSS
9.3 Critical
CVSS2
8.8 High
CVSS3
Связанные уязвимости
The Web Notification API in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to bypass intended source-component restrictions and execute arbitrary JavaScript code in a privileged context via a crafted web page for which Notification.permission is granted.
The Web Notification API in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to bypass intended source-component restrictions and execute arbitrary JavaScript code in a privileged context via a crafted web page for which Notification.permission is granted.
The Web Notification API in Mozilla Firefox before 29.0, Firefox ESR 2 ...
The Web Notification API in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to bypass intended source-component restrictions and execute arbitrary JavaScript code in a privileged context via a crafted web page for which Notification.permission is granted.
Уязвимость программного пакета SeaMonkey, позволяющая удаленному злоумышленнику выполнить произвольный код
EPSS
9.3 Critical
CVSS2
8.8 High
CVSS3