Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to execute arbitrary JavaScript with chrome privileges by leveraging a reference to a chrome window from a content window, related to the window.opener property.
References
Configurations
Configuration 1 (hide)
|
History
No history.
Information
Published : 2009-12-17 17:30
Updated : 2024-02-04 17:33
NVD link : CVE-2009-3986
Mitre link : CVE-2009-3986
CVE.ORG link : CVE-2009-3986
JSON object : View
Products Affected
mozilla
- firefox
- seamonkey
CWE
CWE-94
Improper Control of Generation of Code ('Code Injection')