Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 do not prevent JavaScript workers from reading the browser-profile directory name, which has unspecified impact and remote attack vectors.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Firefox | Mozilla | * | 19.0 (excluding) |
Firefox_esr | Mozilla | * | 17.0.3 (excluding) |
Seamonkey | Mozilla | * | 2.16 (excluding) |
Thunderbird | Mozilla | * | 17.0.3 (excluding) |
Thunderbird_esr | Mozilla | * | 17.0.3 (excluding) |