Mozilla Firefox and Thunderbird 1.x prior to 1.5 and 1.0.x prior to 1.0.8, Mozilla Suite prior to 1.7.13, and SeaMonkey prior to 1.0 does not properly protect the compilation scope of privileged built-in XBL bindings, which allows remote malicious users to execute arbitrary code via the (1) valueOf.call or (2) valueOf.apply methods of an XBL binding, or (3) "by inserting an XBL method into the DOM's document.body prototype chain."
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mozilla firefox 1.0.3 |
||
mozilla firefox 1.0.4 |
||
mozilla mozilla suite 1.7.11 |
||
mozilla mozilla suite 1.7.6 |
||
mozilla thunderbird 1.0.3 |
||
mozilla thunderbird 1.0.4 |
||
mozilla seamonkey |
||
mozilla thunderbird |
||
mozilla firefox 1.5 |
||
mozilla seamonkey 1.0 |
||
mozilla thunderbird 1.0 |
||
mozilla thunderbird 1.0.6 |
||
mozilla thunderbird 1.5 |
||
mozilla firefox 1.0 |
||
mozilla firefox 1.0.1 |
||
mozilla firefox 1.0.2 |
||
mozilla mozilla suite 1.7.10 |
||
mozilla thunderbird 1.0.1 |
||
mozilla thunderbird 1.0.2 |
||
mozilla firefox |
||
mozilla mozilla suite |
||
mozilla firefox 1.0.5 |
||
mozilla firefox 1.0.6 |
||
mozilla mozilla suite 1.7.7 |
||
mozilla mozilla suite 1.7.8 |
||
mozilla thunderbird 1.0.5 |