CVE-2010-2763

Sažetak

The XPCSafeJSObjectWrapper class in the SafeJSObjectWrapper (aka SJOW) implementation in Mozilla Firefox before 3.5.12, Thunderbird before 3.0.7, and SeaMonkey before 2.0.7 does not properly restrict scripted functions, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via a crafted function.

Reference

http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047282.html
http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00002.html
http://www.debian.org/security/2010/dsa-2106
http://www.mozilla.org/security/announce/2010/mfsa2010-60.html
http://www.vupen.com/english/advisories/2010/2323
https://bugzilla.mozilla.org/show_bug.cgi?id=585284
https://exchange.xforce.ibmcloud.com/vulnerabilities/61665
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12114

CVSS

Base:	4.3
Impact:	2.9
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	NONE

CVSS vektor

AV:N/AC:M/Au:N/C:N/I:P/A:N

Zadnje važnije ažuriranje

19-09-2017 - 01:31

Objavljeno

09-09-2010 - 19:00