Mozilla Firefox 3.6.x before 3.6.7 and Thunderbird 3.1.x before 3.1.1 do not properly implement access to a content object through a SafeJSObjectWrapper (aka SJOW) wrapper, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges by leveraging "access to an object from the chrome scope."
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2010-07-30T20:00:00
Updated: 2017-09-18T12:57:01
Reserved: 2010-03-30T00:00:00
Link: CVE-2010-1215
JSON object: View
NVD Information
Status : Modified
Published: 2010-07-30T20:30:01.643
Modified: 2017-09-19T01:30:37.347
Link: CVE-2010-1215
JSON object: View
Redhat Information
No data.
CWE