Mozilla Firefox before 16.0.1, Firefox ESR 10.x before 10.0.9, Thunderbird before 16.0.1, Thunderbird ESR 10.x before 10.0.9, and SeaMonkey before 2.13.1 omit a security check in the defaultValue function during the unwrapping of security wrappers, which allows remote attackers to bypass the Same Origin Policy and read the properties of a Location object, or execute arbitrary JavaScript code, via a crafted web site.
The product does not properly verify that the source of data or communication is valid.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Firefox | Mozilla | * | 16.0.1 (excluding) |
| Firefox | Mozilla | 10.0 (including) | 10.0.9 (excluding) |
| Seamonkey | Mozilla | * | 2.13.1 (excluding) |
| Thunderbird | Mozilla | * | 16.0.1 (excluding) |
| Thunderbird_esr | Mozilla | 10.0 (including) | 10.0.9 (excluding) |
| Red Hat Enterprise Linux 5 | RedHat | xulrunner-0:10.0.8-2.el5_8 | * |
| Red Hat Enterprise Linux 5 | RedHat | thunderbird-0:10.0.8-2.el5_8 | * |
| Red Hat Enterprise Linux 6 | RedHat | xulrunner-0:10.0.8-2.el6_3 | * |
| Red Hat Enterprise Linux 6 | RedHat | thunderbird-0:10.0.8-2.el6_3 | * |
| Firefox | Ubuntu | hardy | * |
| Firefox | Ubuntu | upstream | * |
| Seamonkey | Ubuntu | hardy | * |
| Seamonkey | Ubuntu | lucid | * |
| Seamonkey | Ubuntu | natty | * |
| Seamonkey | Ubuntu | oneiric | * |
| Seamonkey | Ubuntu | upstream | * |
| Thunderbird | Ubuntu | devel | * |
| Thunderbird | Ubuntu | hardy | * |
| Thunderbird | Ubuntu | lucid | * |
| Thunderbird | Ubuntu | natty | * |
| Thunderbird | Ubuntu | oneiric | * |
| Thunderbird | Ubuntu | precise | * |
| Thunderbird | Ubuntu | quantal | * |
| Thunderbird | Ubuntu | raring | * |
| Thunderbird | Ubuntu | saucy | * |
| Thunderbird | Ubuntu | upstream | * |
| Xulrunner-1.9.2 | Ubuntu | hardy | * |
| Xulrunner-1.9.2 | Ubuntu | lucid | * |
| Xulrunner-1.9.2 | Ubuntu | natty | * |
| Xulrunner-2.0 | Ubuntu | natty | * |