The Chrome Object Wrapper (COW) implementation in Mozilla Firefox prior to 21.0, Firefox ESR 17.x prior to 17.0.6, Thunderbird prior to 17.0.6, and Thunderbird ESR 17.x prior to 17.0.6 does not prevent acquisition of chrome privileges during calls to content level constructors, which allows remote malicious users to bypass certain read-only restrictions and conduct cross-site scripting (XSS) attacks via a crafted web site.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mozilla firefox |
||
mozilla firefox 19.0 |
||
mozilla firefox 19.0.1 |
||
mozilla firefox 19.0.2 |
||
mozilla firefox 20.0 |
||
mozilla firefox esr 17.0 |
||
mozilla firefox esr 17.0.3 |
||
mozilla firefox esr 17.0.2 |
||
mozilla firefox esr 17.0.1 |
||
mozilla firefox esr 17.0.4 |
||
mozilla firefox esr 17.0.5 |
||
mozilla thunderbird 17.0.2 |
||
mozilla thunderbird 17.0 |
||
mozilla thunderbird 17.0.4 |
||
mozilla thunderbird |
||
mozilla thunderbird 17.0.1 |
||
mozilla thunderbird 17.0.3 |
||
mozilla thunderbird esr 17.0.1 |
||
mozilla thunderbird esr 17.0.2 |
||
mozilla thunderbird esr 17.0.5 |
||
mozilla thunderbird esr 17.0.3 |
||
mozilla thunderbird esr 17.0.4 |
||
mozilla thunderbird esr 17.0 |