CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
EPSS
Percentile
68.5%
Mozilla security researcher moz_bug_r_a4 reported that the wrapper class XPCSafeJSObjectWrapper (SJOW) on the Mozilla 1.9.1 development branch has a logical error in its scripted function implementation that allows the caller to run the function within the context of another site. This is a violation of the same-origin policy and could be used to mount an XSS attack.