Firefox prior to 1.0.4 and Mozilla Suite prior to 1.7.8 do not properly limit privileges of Javascript eval and Script objects in the calling context, which allows remote malicious users to conduct unauthorized activities via "non-DOM property overrides," a variant of CVE-2005-1160.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mozilla firefox 0.9.1 |
||
mozilla firefox 0.9.2 |
||
mozilla mozilla 1.4 |
||
mozilla mozilla 1.4.1 |
||
mozilla mozilla 1.6 |
||
mozilla mozilla 1.7.6 |
||
mozilla mozilla 1.7.7 |
||
mozilla firefox 0.8 |
||
mozilla firefox 0.9 |
||
mozilla firefox 1.0.3 |
||
mozilla mozilla 1.3 |
||
mozilla mozilla 1.5 |
||
mozilla mozilla 1.7.3 |
||
mozilla mozilla 1.7.5 |
||
mozilla firefox 0.9.3 |
||
mozilla mozilla 1.7 |
||
mozilla firefox 0.10 |
||
mozilla firefox 0.10.1 |
||
mozilla firefox 1.0 |
||
mozilla firefox 1.0.1 |
||
mozilla firefox 1.0.2 |
||
mozilla mozilla 1.5.1 |
||
mozilla mozilla 1.7.1 |
||
mozilla mozilla 1.7.2 |