Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-eb9z-2ahu-bff8
Summary
Mozilla security researcher moz_bug_r_a4 reported
that it is possible to create a document whose URI does not match the
document's principal using XMLHttpRequest.  This type of
mismatch leads to incorrect results in principal-based security
checks.  An attacker could use this vulnerability to execute arbitrary
JavaScript within the context of another site.

moz_bug_r_a4 separately reported
that XPCNativeWrapper.toString's
__proto__ comes from the wrong scope which results in
calls to that function being executed in the wrong context in certain
circumstances.  An attacker could use this vulnerability to run
arbitrary code within the context of a different site.  Alternatively,
if chrome were to call content.toString.call(), then
attacker-defined functions could be run with chrome privileges.

Thunderbird shares the browser engine with Firefox and
could be vulnerable if JavaScript were to be enabled in mail. This is
not the default setting and we strongly discourage users from running
JavaScript in mail.
Aliases
0
alias CVE-2009-1309
Fixed_packages
0
url pkg:mozilla/Firefox@3.0.9
purl pkg:mozilla/Firefox@3.0.9
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.0.9
Affected_packages
References
0
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1309
reference_id CVE-2009-1309
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1309
1
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2009-19
reference_id mfsa2009-19
reference_type
scores
0
value high
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2009-19
Weaknesses
Exploits
Severity_range_score 7.0 - 8.9
Exploitability null
Weighted_severity null
Risk_score null
Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-eb9z-2ahu-bff8