New Search

The event-management implementation in Mozilla Firefox before 3.6.20 SeaMonkey 2.x Thunderbird 3.x before 3.1.12 and possibly other products does not properly select the context for script to run in which allows remote attackers to bypass the Same Origin Policy or execute arbitrary JavaScript code with chrome privileges via a crafted web site.

oval:org.mitre.oval:def:14512

The event-management implementation in Mozilla Firefox before 3.6.20 SeaMonkey 2.x Thunderbird 3.x before 3.1.12 and possibly other products does not properly select the context for script to run in which allows remote attackers to bypass the Same Origin Policy or execute arbitrary JavaScript code with chrome privileges via a crafted web site.

Family:
windows
Status:
ACCEPTED
Platform(s):
  • Microsoft Windows Vista
  • Microsoft Windows 2000
  • Microsoft Windows XP
  • Microsoft Windows Server 2003
  • Microsoft Windows 7
  • Microsoft Windows Server 2008
Class:
vulnerability
Reference(s):
  • CVE-2011-2981
Product(s):
  • Mozilla Thunderbird
  • Mozilla Firefox
  • Mozilla Seamonkey