Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 allow remote attackers to execute arbitrary Javascript with user privileges by using the Script object to modify XPCNativeWrappers in a way that causes the script to be executed when a chrome action is performed.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Firefox | Mozilla | * | 2.0.0.7 (including) |
Seamonkey | Mozilla | * | 1.1.4 (including) |