Cross-domain vulnerability in js/src/jsobj.cpp in Mozilla Firefox 3.x prior to 3.0.6 allows remote malicious users to bypass the Same Origin Policy, and access the properties of an arbitrary window and conduct cross-site scripting (XSS) attacks, via vectors involving a chrome XBL method and the window.eval function.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mozilla firefox 3.0.4 |
||
mozilla firefox 3.0.5 |
||
mozilla firefox 3.0 |
||
mozilla firefox 3.0.3 |
||
mozilla firefox 3.0.1 |
||
mozilla firefox 3.0.2 |