Required CVE Record Information
Description
The XrayWrapper implementation in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 does not properly restrict use of DefaultValue for method calls, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site that triggers use of a user-defined (1) toString or (2) valueOf method.
References 16 Total
- securityfocus.com: 60784 vdb-entry
- https://bugzilla.mozilla.org/show_bug.cgi?id=858101
- ubuntu.com: USN-1890-1 vendor-advisory
- rhn.redhat.com: RHSA-2013:0982 vendor-advisory
- lists.opensuse.org: SUSE-SU-2013:1153 vendor-advisory
- lists.opensuse.org: SUSE-SU-2013:1152 vendor-advisory
- rhn.redhat.com: RHSA-2013:0981 vendor-advisory
- oval.cisecurity.org: oval:org.mitre.oval:def:17243 vdb-entry, signature
- ubuntu.com: USN-1891-1 vendor-advisory
- lists.opensuse.org: openSUSE-SU-2013:1141 vendor-advisory
- http://www.mozilla.org/security/announce/2013/mfsa2013-59.html
- debian.org: DSA-2716 vendor-advisory
- lists.opensuse.org: openSUSE-SU-2013:1142 vendor-advisory
- lists.opensuse.org: openSUSE-SU-2013:1140 vendor-advisory
- debian.org: DSA-2720 vendor-advisory
- lists.opensuse.org: openSUSE-SU-2013:1143 vendor-advisory