Описание
Mozilla Firefox before 37.0 relies on docshell type information instead of page principal information for Window.webidl access control, which might allow remote attackers to execute arbitrary JavaScript code with chrome privileges via certain content navigation that leverages the reachability of a privileged window with an unintended persistence of access to restricted internal methods.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | released | 37.0+build2-0ubuntu1 |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was released [37.0+build2-0ubuntu0.14.04.1]] |
| lucid | ignored | end of life |
| precise | released | 37.0+build2-0ubuntu0.12.04.1 |
| trusty | released | 37.0+build2-0ubuntu0.14.04.1 |
| trusty/esm | DNE | trusty was released [37.0+build2-0ubuntu0.14.04.1] |
| upstream | released | 37.0 |
| utopic | released | 37.0+build2-0ubuntu0.14.10.1 |
Показывать по
EPSS
5 Medium
CVSS2
Связанные уязвимости
Mozilla Firefox before 37.0 relies on docshell type information instead of page principal information for Window.webidl access control, which might allow remote attackers to execute arbitrary JavaScript code with chrome privileges via certain content navigation that leverages the reachability of a privileged window with an unintended persistence of access to restricted internal methods.
Mozilla Firefox before 37.0 relies on docshell type information instead of page principal information for Window.webidl access control, which might allow remote attackers to execute arbitrary JavaScript code with chrome privileges via certain content navigation that leverages the reachability of a privileged window with an unintended persistence of access to restricted internal methods.
Mozilla Firefox before 37.0 relies on docshell type information instea ...
Mozilla Firefox before 37.0 relies on docshell type information instead of page principal information for Window.webidl access control, which might allow remote attackers to execute arbitrary JavaScript code with chrome privileges via certain content navigation that leverages the reachability of a privileged window with an unintended persistence of access to restricted internal methods.
Уязвимость браузера Firefox, позволяющая удалённому злоумышленнику выполнить произвольный JavaScript-код
EPSS
5 Medium
CVSS2