← voltar
CVE-2010-2763

CVE-2010-2763

EPSS 1.6%
The XPCSafeJSObjectWrapper class in the SafeJSObjectWrapper (aka SJOW) implementation in Mozilla Firefox before 3.5.12, Thunderbird before 3.0.7, and SeaMonkey before 2.0.7 does not properly restrict scripted functions, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via a crafted function.
Produtos afetados
n/a · n/a

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047282.htmlhttp://lists.opensuse.org/opensuse-security-announce/2010-10/msg00002.htmlhttps://bugzilla.mozilla.org/show_bug.cgi?id=585284https://exchange.xforce.ibmcloud.com/vulnerabilities/61665https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12114http://www.debian.org/security/2010/dsa-2106http://www.mozilla.org/security/announce/2010/mfsa2010-60.htmlhttp://www.vupen.com/english/advisories/2010/2323