CVE-2010-2763 Information
Description
The XPCSafeJSObjectWrapper class in the SafeJSObjectWrapper (aka SJOW) implementation in Mozilla Firefox before 3.5.12 Thunderbird before 3.0.7 and SeaMonkey before 2.0.7 does not properly restrict scripted functions which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via a crafted function.
Reference
http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047282.html http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00002.html http://www.debian.org/security/2010/dsa-2106 http://www.mozilla.org/security/announce/2010/mfsa2010-60.html http://www.vupen.com/english/advisories/2010/2323 https://bugzilla.mozilla.org/show_bug.cgi?id=585284 https://exchange.xforce.ibmcloud.com/vulnerabilities/61665 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A12114
Share on: