Mozilla Firefox prior to 19.0, Firefox ESR 17.x prior to 17.0.3, Thunderbird prior to 17.0.3, Thunderbird ESR 17.x prior to 17.0.3, and SeaMonkey prior to 2.16 do not prevent JavaScript workers from reading the browser-profile directory name, which has unspecified impact and remote attack vectors.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mozilla firefox |
||
mozilla firefox esr |
||
mozilla seamonkey |
||
mozilla thunderbird |
||
mozilla thunderbird esr |
||
opensuse opensuse 11.4 |
||
opensuse opensuse 12.1 |
||
opensuse opensuse 12.2 |
||
canonical ubuntu linux 10.04 |
||
canonical ubuntu linux 11.10 |
||
canonical ubuntu linux 12.04 |
||
canonical ubuntu linux 12.10 |