Security researcher Sachin Shinde reported that moving certain XBL-backed nodes from a document into the replacement document created by document.open() can cause a JavaScript compartment mismatch which can often lead to exploitable conditions.
CPE | Name | Operator | Version |
---|---|---|---|
firefox | lt | 24 | |
firefox esr | lt | 17.0.9 | |
seamonkey | lt | 2.21 | |
thunderbird | lt | 24 | |
thunderbird esr | lt | 17.0.9 |