CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS
Percentile
94.5%
The XPConnect component in Mozilla Firefox before 2.0.0.17 and 3.x before
3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows
remote attackers to “pollute XPCNativeWrappers” and execute arbitrary code
with chrome privileges via vectors related to (1) chrome XBL and (2) chrome
JS.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 6.06 | noarch | firefox | < 1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3 | UNKNOWN |
ubuntu | 7.04 | noarch | firefox | < 2.0.0.17+0nobinonly-0ubuntu0.7.4 | UNKNOWN |
ubuntu | 7.10 | noarch | firefox | < 2.0.0.17+1nobinonly-0ubuntu0.7.10 | UNKNOWN |
ubuntu | 8.04 | noarch | firefox | < 2.0.0.17+1nobinonly-0ubuntu0.8.04.1 | UNKNOWN |
ubuntu | 10.04 | noarch | firefox | < 3.0.3+build1+nobinonly-0ubuntu0.8.04.1 | UNKNOWN |
ubuntu | 10.10 | noarch | firefox | < 3.0.3+build1+nobinonly-0ubuntu0.8.04.1 | UNKNOWN |
ubuntu | 11.04 | noarch | firefox | < 3.0.3+build1+nobinonly-0ubuntu0.8.04.1 | UNKNOWN |
ubuntu | 8.04 | noarch | firefox-3.0 | < 3.0.3+build1+nobinonly-0ubuntu0.8.04.1 | UNKNOWN |
ubuntu | 8.10 | noarch | firefox-3.0 | < 3.0.3+build1+nobinonly-0ubuntu1 | UNKNOWN |
ubuntu | 9.04 | noarch | firefox-3.0 | < 3.0.3+build1+nobinonly-0ubuntu1 | UNKNOWN |