New Search

The event-management implementation in Mozilla Firefox before 3.6.20 SeaMonkey 2.x Thunderbird 3.x before 3.1.12 and possibly other products does not properly select the context for script to run in which allows remote attackers to bypass the Same Origin Policy or execute arbitrary JavaScript code with chrome privileges via a crafted web site.

oval:org.mitre.oval:def:14512

The event-management implementation in Mozilla Firefox before 3.6.20 SeaMonkey 2.x Thunderbird 3.x before 3.1.12 and possibly other products does not properly select the context for script to run in which allows remote attackers to bypass the Same Origin Policy or execute arbitrary JavaScript code with chrome privileges via a crafted web site.

Family:
windows
Status:
ACCEPTED
Platform(s):
  • Microsoft Windows 7
  • Microsoft Windows Vista
  • Microsoft Windows Server 2003
  • Microsoft Windows Server 2008
  • Microsoft Windows XP
  • Microsoft Windows 2000
Class:
vulnerability
Reference(s):
  • CVE-2011-2981
Product(s):
  • Mozilla Thunderbird
  • Mozilla Firefox
  • Mozilla Seamonkey