CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS
Percentile
79.7%
The nsXMLHttpRequest::NotifyEventListeners method in Firefox 3.x before
3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and
SeaMonkey 1.x before 1.1.13 allows remote attackers to bypass the
same-origin policy and execute arbitrary script via multiple listeners,
which bypass the inner window check.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 6.06 | noarch | firefox | < 1.5.dfsg+1.5.0.15~prepatch080614h-0ubuntu1 | UNKNOWN |
ubuntu | 7.10 | noarch | firefox | < 2.0.0.18+nobinonly-0ubuntu0.7.10 | UNKNOWN |
ubuntu | 8.04 | noarch | firefox | < 2.0.0.18+nobinonly-0ubuntu0.8.04.1 | UNKNOWN |
ubuntu | 8.04 | noarch | firefox-3.0 | < 3.0.4+nobinonly-0ubuntu0.8.04.1 | UNKNOWN |
ubuntu | 8.10 | noarch | firefox-3.0 | < 3.0.4+nobinonly-0ubuntu0.8.10.1 | UNKNOWN |
ubuntu | 6.06 | noarch | mozilla-thunderbird | < 1.5.0.13+1.5.0.15~prepatch080614h-0ubuntu0.6.06.1 | UNKNOWN |
ubuntu | 8.04 | noarch | seamonkey | < 1.1.15+nobinonly-0ubuntu0.8.04.2 | UNKNOWN |
ubuntu | 8.10 | noarch | seamonkey | < 1.1.15+nobinonly-0ubuntu0.8.10.2 | UNKNOWN |
ubuntu | 7.10 | noarch | thunderbird | < 2.0.0.18+nobinonly-0ubuntu0.7.10.1 | UNKNOWN |
ubuntu | 8.04 | noarch | thunderbird | < 2.0.0.18+nobinonly-0ubuntu0.8.04.1 | UNKNOWN |