5.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
0.005 Low
EPSS
Percentile
75.8%
Security researcher Eduardo Vela Nava reported that if a web page opened a new window and used a javascript: URL to make a modal call, such as alert(), then subsequently navigated the page to a different domain, once the modal call returned the opener of the window could get access to objects in the navigated window. This is a violation of the same-origin policy and could be used by an attacker to steal information from another web site.
CPE | Name | Operator | Version |
---|---|---|---|
firefox | lt | 3.5.14 | |
firefox | lt | 3.6.11 | |
seamonkey | lt | 2.0.9 | |
thunderbird | lt | 3.0.9 | |
thunderbird | lt | 3.1.5 |