Mozilla Firefox prior to 3.0.12 does not always use XPCCrossOriginWrapper when required during object construction, which allows remote malicious users to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via a crafted document, related to a "cross origin wrapper bypass."
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mozilla firefox |
||
fedoraproject fedora 10 |
||
suse linux enterprise debuginfo 10 |
||
suse linux enterprise debuginfo 11 |
||
opensuse opensuse 11.0 |
||
opensuse opensuse 11.1 |
||
suse linux enterprise desktop 10 |
||
suse linux enterprise desktop 11 |
||
suse linux enterprise server 10 |
||
suse linux enterprise server 11 |