Lucene search

K
veracodeVeracode Vulnerability DatabaseVERACODE:11223
HistoryJan 15, 2019 - 8:58 a.m.

Same Origin Policy Bypass

2019-01-1508:58:46
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
10

EPSS

0.023

Percentile

89.6%

xulrunner is vulnerable to same origin policy bypass attacks. It omits a security check in the defaultValue function during the unwrapping of security wrappers, which allows remote attackers to bypass the Same Origin Policy and read the properties of a Location object, or execute arbitrary JavaScript code, via a crafted web site.