The System Only Wrapper (SOW) and Chrome Object Wrapper (COW) implementations in Mozilla Firefox prior to 22.0, Firefox ESR 17.x prior to 17.0.7, Thunderbird prior to 17.0.7, and Thunderbird ESR 17.x prior to 17.0.7 do not properly restrict XBL user-defined functions, which allows remote malicious users to execute arbitrary JavaScript code with chrome privileges, or conduct cross-site scripting (XSS) attacks, via a crafted web site.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
mozilla firefox 19.0 |
||
mozilla firefox 19.0.1 |
||
mozilla firefox 19.0.2 |
||
mozilla firefox |
||
mozilla firefox 20.0 |
||
mozilla firefox 20.0.1 |
||
mozilla firefox esr 17.0 |
||
mozilla firefox esr 17.0.3 |
||
mozilla firefox esr 17.0.2 |
||
mozilla firefox esr 17.0.1 |
||
mozilla firefox esr 17.0.6 |
||
mozilla firefox esr 17.0.4 |
||
mozilla firefox esr 17.0.5 |
||
mozilla thunderbird 17.0.1 |
||
mozilla thunderbird 17.0.3 |
||
mozilla thunderbird 17.0.2 |
||
mozilla thunderbird 17.0 |
||
mozilla thunderbird |
||
mozilla thunderbird 17.0.4 |
||
mozilla thunderbird 17.0.5 |
||
mozilla thunderbird esr 17.0.2 |
||
mozilla thunderbird esr 17.0.3 |
||
mozilla thunderbird esr 17.0.4 |
||
mozilla thunderbird esr 17.0 |
||
mozilla thunderbird esr 17.0.1 |
||
mozilla thunderbird esr 17.0.5 |
||
mozilla thunderbird esr 17.0.6 |
Vulmon