CVE-2009-0354
CVSS v2.0
2.6 (Low)
EPSS
0.30 % (70th)
Affected Products
1
Advisories
6
Cross-domain vulnerability in js/src/jsobj.cpp in Mozilla Firefox 3.x before 3.0.6 allows remote attackers to bypass the Same Origin Policy, and access the properties of an arbitrary window and conduct cross-site scripting (XSS) attacks, via vectors involving a chrome XBL method and the window.eval function.
Weaknesses
- CWE-79
- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
- CVE Status
- PUBLISHED
- CNA
- Red Hat, Inc.
- Published Date
-
2009-02-04 19:30:00
(15 years ago) - Updated Date
-
2023-02-13 01:17:07
(19 months ago)
Affected Products
Loading...
Loading...
Loading...
Configuration #1
|
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...