New Search

Mozilla Firefox/Thunderbird/SeaMonkey Cross-origin data disclosure via Web Workers and importScripts

oval:org.mitre.oval:def:11835

The importScripts Web Worker method in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7 Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1 and SeaMonkey before 2.0.6 does not verify that content is valid JavaScript code which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted HTML document.

Family:
windows
Status:
ACCEPTED
Platform(s):
  • Microsoft Windows 7
  • Microsoft Windows Server 2003
  • Microsoft Windows Vista
  • Microsoft Windows 2000
  • Microsoft Windows Server 2008
  • Microsoft Windows XP
Class:
vulnerability
Reference(s):
  • CVE-2010-1213
Product(s):
  • Mozilla Firefox
  • Mozilla Thunderbird
  • Mozilla SeaMonkey