Vulnerability Details CVE-2010-1215
Mozilla Firefox 3.6.x before 3.6.7 and Thunderbird 3.1.x before 3.1.1 do not properly implement access to a content object through a SafeJSObjectWrapper (aka SJOW) wrapper, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges by leveraging "access to an object from the chrome scope."
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 64.3%
CVSS Severity
CVSS v2 Score 6.8
References
- http://www.mozilla.org/security/announce/2010/mfsa2010-38.html
- https://bugzilla.mozilla.org/show_bug.cgi?id=567069
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11527
- http://www.mozilla.org/security/announce/2010/mfsa2010-38.html
- https://bugzilla.mozilla.org/show_bug.cgi?id=567069
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11527
Products affected by CVE-2010-1215
-
cpe:2.3:a:mozilla:firefox:3.6.1
-
cpe:2.3:a:mozilla:firefox:3.6.2
-
cpe:2.3:a:mozilla:firefox:3.6.3
-
cpe:2.3:a:mozilla:firefox:3.6.4
-
cpe:2.3:a:mozilla:firefox:3.6.6
-
cpe:2.3:a:mozilla:thunderbird:3.1