Описание
Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 do not properly restrict resource: URLs, which makes it easier for remote attackers to execute arbitrary JavaScript code with chrome privileges by leveraging the ability to bypass the Same Origin Policy, as demonstrated by the resource: URL associated with PDF.js.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | released | 37.0+build2-0ubuntu1 |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was released [37.0+build2-0ubuntu0.14.04.1]] |
| lucid | ignored | end of life |
| precise | released | 37.0+build2-0ubuntu0.12.04.1 |
| trusty | released | 37.0+build2-0ubuntu0.14.04.1 |
| trusty/esm | DNE | trusty was released [37.0+build2-0ubuntu0.14.04.1] |
| upstream | released | 37.0 |
| utopic | released | 37.0+build2-0ubuntu0.14.10.1 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | released | 1:31.6.0+build1-0ubuntu1 |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was released [1:31.6.0+build1-0ubuntu0.14.04.1]] |
| lucid | ignored | end of life |
| precise | released | 1:31.6.0+build1-0ubuntu0.12.04.1 |
| trusty | released | 1:31.6.0+build1-0ubuntu0.14.04.1 |
| trusty/esm | DNE | trusty was released [1:31.6.0+build1-0ubuntu0.14.04.1] |
| upstream | released | 31.6.0 |
| utopic | released | 1:31.6.0+build1-0ubuntu0.14.10.1 |
Показывать по
EPSS
5 Medium
CVSS2
Связанные уязвимости
Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 do not properly restrict resource: URLs, which makes it easier for remote attackers to execute arbitrary JavaScript code with chrome privileges by leveraging the ability to bypass the Same Origin Policy, as demonstrated by the resource: URL associated with PDF.js.
Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 do not properly restrict resource: URLs, which makes it easier for remote attackers to execute arbitrary JavaScript code with chrome privileges by leveraging the ability to bypass the Same Origin Policy, as demonstrated by the resource: URL associated with PDF.js.
Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunder ...
Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 do not properly restrict resource: URLs, which makes it easier for remote attackers to execute arbitrary JavaScript code with chrome privileges by leveraging the ability to bypass the Same Origin Policy, as demonstrated by the resource: URL associated with PDF.js.
Уязвимость почтового клиента Thunderbird, позволяющая удалённому злоумышленнику выполнить произвольный JavaScript-код
EPSS
5 Medium
CVSS2