Lucene search

K
cvelistMozillaCVELIST:CVE-2013-0757
HistoryJan 13, 2013 - 8:00 p.m.

CVE-2013-0757

2013-01-1320:00:00
mozilla
www.cve.org

9.3 High

AI Score

Confidence

High

0.095 Low

EPSS

Percentile

94.8%

The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 does not prevent modifications to the prototype of an object, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges by referencing Object.prototype.proto in a crafted HTML document.