The importScripts Web Worker method in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 does not verify that content is valid JavaScript code, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted HTML document.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
History
No history.
Information
Published : 2010-07-30 20:30
Updated : 2024-02-04 17:54
NVD link : CVE-2010-1213
Mitre link : CVE-2010-1213
CVE.ORG link : CVE-2010-1213
JSON object : View
Products Affected
mozilla
- firefox
- seamonkey
- thunderbird
CWE
CWE-20
Improper Input Validation