The XPCSafeJSObjectWrapper class in the SafeJSObjectWrapper (aka SJOW) implementation in Mozilla Firefox 3.6.x prior to 3.6.9 and Thunderbird 3.1.x prior to 3.1.3 does not properly restrict objects at the end of scope chains, which allows remote malicious users to execute arbitrary JavaScript code with chrome privileges via vectors related to a chrome privileged object and a chain ending in an outer object.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mozilla firefox 3.6.3 |
||
mozilla firefox 3.6.4 |
||
mozilla firefox 3.6.6 |
||
mozilla firefox 3.6.8 |
||
mozilla firefox 3.6.7 |
||
mozilla firefox 3.6.2 |
||
mozilla firefox 3.6 |
||
mozilla thunderbird 3.1.2 |
||
mozilla thunderbird 3.1 |
||
mozilla thunderbird 3.1.1 |