Mozilla Firefox prior to 37.0 relies on docshell type information instead of page principal information for Window.webidl access control, which might allow remote malicious users to execute arbitrary JavaScript code with chrome privileges via certain content navigation that leverages the reachability of a privileged window with an unintended persistence of access to restricted internal methods.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
opensuse opensuse 13.2 |
||
opensuse opensuse 13.1 |
||
canonical ubuntu linux 12.04 |
||
canonical ubuntu linux 14.04 |
||
canonical ubuntu linux 14.10 |
||
mozilla firefox |