4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.003 Low
EPSS
Percentile
71.3%
Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before
2.12 do not prevent use of the Object.defineProperty method to shadow the
location object (aka window.location), which makes it easier for remote
attackers to conduct cross-site scripting (XSS) attacks via vectors
involving a plugin.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 10.04 | noarch | firefox | < 15.0+build1-0ubuntu0.10.04.1 | UNKNOWN |
ubuntu | 11.04 | noarch | firefox | < 15.0+build1-0ubuntu0.11.04.2 | UNKNOWN |
ubuntu | 11.10 | noarch | firefox | < 15.0+build1-0ubuntu0.11.10.1 | UNKNOWN |
ubuntu | 12.04 | noarch | firefox | < 15.0+build1-0ubuntu0.12.04.1 | UNKNOWN |
ubuntu | 12.10 | noarch | firefox | < 15.0+build1-0ubuntu1 | UNKNOWN |
ubuntu | 13.04 | noarch | firefox | < 15.0+build1-0ubuntu1 | UNKNOWN |
ubuntu | 13.10 | noarch | firefox | < 15.0+build1-0ubuntu1 | UNKNOWN |
ubuntu | 10.04 | noarch | thunderbird | < 15.0+build1-0ubuntu0.10.04.1 | UNKNOWN |
ubuntu | 11.04 | noarch | thunderbird | < 15.0+build1-0ubuntu0.11.04.1 | UNKNOWN |
ubuntu | 11.10 | noarch | thunderbird | < 15.0+build1-0ubuntu0.11.10.1 | UNKNOWN |