Mozilla Firefox prior to 16.0.1, Firefox ESR 10.x prior to 10.0.9, Thunderbird prior to 16.0.1, Thunderbird ESR 10.x prior to 10.0.9, and SeaMonkey prior to 2.13.1 omit a security check in the defaultValue function during the unwrapping of security wrappers, which allows remote malicious users to bypass the Same Origin Policy and read the properties of a Location object, or execute arbitrary JavaScript code, via a crafted web site.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mozilla firefox |
||
mozilla firefox esr |
||
mozilla seamonkey |
||
mozilla thunderbird |
||
mozilla thunderbird esr |
||
suse linux enterprise desktop 10 |
||
suse linux enterprise desktop 11 |
||
suse linux enterprise server 10 |
||
suse linux enterprise server 11 |
||
suse linux enterprise software development kit 10 |
||
canonical ubuntu linux 10.04 |
||
canonical ubuntu linux 11.04 |
||
canonical ubuntu linux 11.10 |
||
canonical ubuntu linux 12.04 |
||
redhat enterprise linux desktop 5.0 |
||
redhat enterprise linux desktop 6.0 |
||
redhat enterprise linux eus 6.3 |
||
redhat enterprise linux server 5.0 |
||
redhat enterprise linux server 6.0 |
||
redhat enterprise linux workstation 5.0 |
||
redhat enterprise linux workstation 6.0 |