Mozilla Firefox and Thunderbird 1.x prior to 1.5 and 1.0.x prior to 1.0.8, Mozilla Suite prior to 1.7.13, and SeaMonkey prior to 1.0 returns the Object class prototype instead of the global window object when (1) .valueOf.call or (2) .valueOf.apply are called without any arguments, which allows remote malicious users to conduct cross-site scripting (XSS) attacks.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mozilla firefox 1.0 |
||
mozilla firefox 1.5 |
||
mozilla thunderbird 1.0 |
||
mozilla thunderbird 1.0.1 |
||
mozilla thunderbird 1.5 |
||
mozilla firefox 1.0.3 |
||
mozilla firefox 1.0.4 |
||
mozilla mozilla suite 1.7.6 |
||
mozilla mozilla suite 1.7.7 |
||
mozilla thunderbird 1.0.4 |
||
mozilla thunderbird 1.0.5 |
||
mozilla seamonkey |
||
mozilla thunderbird |
||
mozilla firefox 1.0.5 |
||
mozilla firefox 1.0.6 |
||
mozilla mozilla suite 1.7.8 |
||
mozilla seamonkey 1.0 |
||
mozilla thunderbird 1.0.6 |
||
mozilla firefox 1.0.1 |
||
mozilla firefox 1.0.2 |
||
mozilla mozilla suite 1.7.10 |
||
mozilla mozilla suite 1.7.11 |
||
mozilla thunderbird 1.0.2 |
||
mozilla thunderbird 1.0.3 |
||
mozilla firefox |
||
mozilla mozilla suite |