The importScripts Web Worker method in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 does not verify that content is valid JavaScript code, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted HTML document.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
History
21 Nov 2024, 01:13
Type | Values Removed | Values Added |
---|---|---|
References | () http://www.mozilla.org/security/announce/2010/mfsa2010-42.html - Vendor Advisory | |
References | () https://bugzilla.mozilla.org/show_bug.cgi?id=568148 - | |
References | () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11835 - |
Information
Published : 2010-07-30 20:30
Updated : 2024-11-21 01:13
NVD link : CVE-2010-1213
Mitre link : CVE-2010-1213
CVE.ORG link : CVE-2010-1213
JSON object : View
Products Affected
mozilla
- firefox
- seamonkey
- thunderbird
CWE
CWE-20
Improper Input Validation