Mozilla Firefox prior to 1.5.0.5, Thunderbird prior to 1.5.0.5, and SeaMonkey prior to 1.0.3 allows remote malicious users to execute arbitrary code via script that changes the standard Object() constructor to return a reference to a privileged object and calling "named JavaScript functions" that use the constructor.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mozilla firefox 1.5 |
||
mozilla firefox 1.5.0.1 |
||
mozilla firefox 1.5.0.2 |
||
mozilla firefox 1.5.0.3 |
||
mozilla firefox 1.5.0.4 |
||
mozilla seamonkey 1.0 |
||
mozilla seamonkey 1.0.1 |
||
mozilla seamonkey 1.0.2 |
||
mozilla thunderbird 1.5 |
||
mozilla thunderbird 1.5.0.2 |
||
mozilla thunderbird 1.5.0.4 |