CVE-2010-2762 Information

Description

The XPCSafeJSObjectWrapper class in the SafeJSObjectWrapper (aka SJOW) implementation in Mozilla Firefox 3.6.x before 3.6.9 and Thunderbird 3.1.x before 3.1.3 does not properly restrict objects at the end of scope chains which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via vectors related to a chrome privileged object and a chain ending in an outer object.

Reference

http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00002.html http://secunia.com/advisories/42867 http://support.avaya.com/css/P8/documents/100112690 http://www.mandriva.com/security/advisories?name=MDVSA-2010:173 http://www.mozilla.org/security/announce/2010/mfsa2010-59.html http://www.securityfocus.com/bid/43092 http://www.vupen.com/english/advisories/2010/2323 http://www.vupen.com/english/advisories/2011/0061 https://bugzilla.mozilla.org/show_bug.cgi?id=584180 https://exchange.xforce.ibmcloud.com/vulnerabilities/61656 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A11492