The event-management implementation in Mozilla Firefox before 3.6.20,
SeaMonkey 2.x, Thunderbird 3.x before 3.1.12, and possibly other products
does not properly select the context for script to run in, which allows
remote attackers to bypass the Same Origin Policy or execute arbitrary
JavaScript code with chrome privileges via a crafted web site.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 10.04 | noarch | firefox | <ย 3.6.20+build1+nobinonly-0ubuntu0.10.04.1 | UNKNOWN |
ubuntu | 10.10 | noarch | firefox | <ย 3.6.20+build1+nobinonly-0ubuntu0.10.10.1 | UNKNOWN |
ubuntu | 10.04 | noarch | thunderbird | <ย 3.1.12+build1+nobinonly-0ubuntu0.10.04.1 | UNKNOWN |
ubuntu | 10.10 | noarch | thunderbird | <ย 3.1.12+build1+nobinonly-0ubuntu0.10.10.1 | UNKNOWN |
ubuntu | 11.04 | noarch | thunderbird | <ย 3.1.12+build1+nobinonly-0ubuntu0.11.04.1 | UNKNOWN |
ubuntu | 10.04 | noarch | xulrunner-1.9.2 | <ย 1.9.2.20+build1+nobinonly-0ubuntu0.10.04.1 | UNKNOWN |
ubuntu | 10.10 | noarch | xulrunner-1.9.2 | <ย 1.9.2.20+build1+nobinonly-0ubuntu0.10.10.1 | UNKNOWN |