New Search

The event-management implementation in Mozilla Firefox before 3.6.20 SeaMonkey 2.x Thunderbird 3.x before 3.1.12 and possibly other products does not properly select the context for script to run in which allows remote attackers to bypass the Same Origin Policy or execute arbitrary JavaScript code with chrome privileges via a crafted web site.

oval:org.mitre.oval:def:14512

The event-management implementation in Mozilla Firefox before 3.6.20 SeaMonkey 2.x Thunderbird 3.x before 3.1.12 and possibly other products does not properly select the context for script to run in which allows remote attackers to bypass the Same Origin Policy or execute arbitrary JavaScript code with chrome privileges via a crafted web site.

Family:
windows
Status:
ACCEPTED
Platform(s):
  • Microsoft Windows Vista
  • Microsoft Windows 7
  • Microsoft Windows Server 2008
  • Microsoft Windows Server 2003
  • Microsoft Windows XP
  • Microsoft Windows 2000
Class:
vulnerability
Reference(s):
  • CVE-2011-2981
Product(s):
  • Mozilla Firefox
  • Mozilla Thunderbird
  • Mozilla Seamonkey