Mozilla Firefox 3.x prior to 3.0.4 assigns chrome privileges to a file: URI when it is accessed in the same tab from a chrome or privileged about: page, which makes it easier for user-assisted malicious users to execute arbitrary JavaScript with chrome privileges via malicious code in a file that has already been saved on the local system.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mozilla firefox 3.0 |
||
mozilla firefox |
||
mozilla firefox 3.0.1 |
||
mozilla firefox 3.0.2 |