Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 do not consider the presence of same-compartment security wrappers (SCSW) during the cross-compartment wrapping of objects, which allows remote attackers to bypass intended XBL access restrictions via crafted content.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Firefox | Mozilla | 4.0 | 4.0 |
Firefox | Mozilla | 4.0 | 4.0 |
Firefox | Mozilla | 8.0 | 8.0 |
Firefox | Mozilla | 4.0 | 4.0 |
Firefox | Mozilla | 4.0 | 4.0 |
Firefox | Mozilla | 4.0 | 4.0 |
Firefox | Mozilla | 4.0 | 4.0 |
Firefox | Mozilla | 4.0 | 4.0 |
Firefox | Mozilla | 5.0.1 | 5.0.1 |
Firefox | Mozilla | 5.0 | 5.0 |
Firefox | Mozilla | 7.0 | 7.0 |
Firefox | Mozilla | 6.0.2 | 6.0.2 |
Firefox | Mozilla | 4.0 | 4.0 |
Firefox | Mozilla | 4.0 | 4.0 |
Firefox | Mozilla | 13.0 | 13.0 |
Firefox | Mozilla | 4.0 | 4.0 |
Firefox | Mozilla | 12.0 | 12.0 |
Firefox | Mozilla | 6.0.1 | 6.0.1 |
Firefox | Mozilla | 4.0 | 4.0 |
Firefox | Mozilla | 11.0 | 11.0 |
Firefox | Mozilla | 6.0 | 6.0 |
Firefox | Mozilla | 7.0.1 | 7.0.1 |
Firefox | Mozilla | 4.0 | 4.0 |
Firefox | Mozilla | 12.0 | 12.0 |
Firefox | Mozilla | 8.0.1 | 8.0.1 |
Firefox | Mozilla | 9.0.1 | 9.0.1 |
Firefox | Mozilla | 4.0 | 4.0 |
Firefox | Mozilla | 9.0 | 9.0 |
Firefox | Mozilla | 4.0.1 | 4.0.1 |