CVE-2010-2763
N/A
N/A
Summary
The XPCSafeJSObjectWrapper class in the SafeJSObjectWrapper (aka SJOW) implementation in Mozilla Firefox before 3.5.12, Thunderbird before 3.0.7, and SeaMonkey before 2.0.7 does not properly restrict scripted functions, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via a crafted function.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- https://bugzilla.mozilla.org/show_bug.cgi?id=585284
- http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00002.html
- http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047282.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/61665
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12114
- http://www.vupen.com/english/advisories/2010/2323
- http://www.mozilla.org/security/announce/2010/mfsa2010-60.html
- http://www.debian.org/security/2010/dsa-2106
References
- https://bugzilla.mozilla.org/show_bug.cgi?id=585284
- http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00002.html
- http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047282.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/61665
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12114
- http://www.vupen.com/english/advisories/2010/2323
- http://www.mozilla.org/security/announce/2010/mfsa2010-60.html
- http://www.debian.org/security/2010/dsa-2106
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.