Mozilla Products: Bypass of XrayWrappers using XBL Scopes - CVE-2013-1711ID: oval:org.secpod.oval:def:16365 | Date: (C)2013-12-30 (M)2023-11-18 |
Class: VULNERABILITY | Family: macos |
The XrayWrapper implementation in Mozilla Firefox before 23.0 and SeaMonkey before 2.20 does not properly address the possibility of an XBL scope bypass resulting from non-native arguments in XBL function calls, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks by leveraging access to an unprivileged object.
Platform: |
Apple Mac OS 14 |
Apple Mac OS 13 |
Apple Mac OS 12 |
Apple Mac OS 11 |
Apple Mac OS X 10.15 |
Apple Mac OS X 10.14 |
Apple Mac OS X 10.13 |
Apple Mac OS X 10.11 |
Apple Mac OS X 10.12 |
Product: |
Mozilla SeaMonkey |
Mozilla Firefox |