MitreCVELIST:CVE-2010-2763CVE-2010-2763
The XPCSafeJSObjectWrapper class in the SafeJSObjectWrapper (aka SJOW) implementation in Mozilla Firefox before 3.5.12, Thunderbird before 3.0.7, and SeaMonkey before 2.0.7 does not properly restrict scripted functions, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via a crafted function.
References
lists.fedoraproject.org/pipermail/package-announce/2010-September/047282.html
lists.opensuse.org/opensuse-security-announce/2010-10/msg00002.html
www.debian.org/security/2010/dsa-2106
www.mozilla.org/security/announce/2010/mfsa2010-60.html
www.vupen.com/english/advisories/2010/2323
bugzilla.mozilla.org/show_bug.cgi?id=585284
exchange.xforce.ibmcloud.com/vulnerabilities/61665
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12114
Related
