The XrayWrapper implementation in Mozilla Firefox prior to 17.0, Thunderbird prior to 17.0, and SeaMonkey prior to 2.14 does not consider the compartment during property filtering, which allows remote malicious users to bypass intended chrome-only restrictions on reading DOM object properties via a crafted web site.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mozilla firefox |
||
mozilla seamonkey |
||
mozilla thunderbird |
||
opensuse opensuse 11.4 |
||
opensuse opensuse 12.1 |
||
opensuse opensuse 12.2 |
||
suse linux enterprise desktop 10 |
||
suse linux enterprise desktop 11 |
||
suse linux enterprise server 10 |
||
suse linux enterprise server 11 |
||
suse linux enterprise software development kit 10 |
||
suse linux enterprise software development kit 11 |
||
canonical ubuntu linux 10.04 |
||
canonical ubuntu linux 11.10 |
||
canonical ubuntu linux 12.04 |
||
canonical ubuntu linux 12.10 |