The XrayWrapper implementation in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 does not consider the compartment during property filtering, which allows remote attackers to bypass intended chrome-only restrictions on reading DOM object properties via a crafted web site.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2012-11-21T11:00:00
Updated: 2017-09-18T12:57:01
Reserved: 2012-08-08T00:00:00
Link: CVE-2012-4208
NVD Information
Status: Analyzed
Published: 2012-11-21T12:55:02.103
Modified: 2020-08-12T19:45:01.403
Link: CVE-2012-4208