Design/Logic Flaw

2012-10-1017:55:00

PRIOn knowledge base

www.prio-n.com

7.5 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.012 Low

EPSS

Percentile

85.2%

JSON

Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 do not properly restrict JSAPI access to the GetProperty function, which allows remote attackers to bypass the Same Origin Policy and possibly have unspecified other impact via a crafted web site.

CPENameOperatorVersion
ubuntu_linuxeq11.04
ubuntu_linuxeq11.10
ubuntu_linuxeq12.04
ubuntu_linuxeq10.04
firefoxlt16.0
firefox_esrlt10.0.8
seamonkeylt2.13
thunderbirdlt16.0
thunderbird_esrlt10.0.8
enterprise_linux_desktopeq6.0

Name	Operator	Version
ubuntu_linux	eq	11.04
ubuntu_linux	eq	11.10
ubuntu_linux	eq	12.04
ubuntu_linux	eq	10.04
firefox	lt	16.0
firefox_esr	lt	10.0.8
seamonkey	lt	2.13
thunderbird	lt	16.0
thunderbird_esr	lt	10.0.8
enterprise_linux_desktop	eq	6.0