CVE-2010-1215
CVSS v2.0
6.8 (Medium)
EPSS
0.72 % (81th)
Affected Products
2
Advisories
7
Mozilla Firefox 3.6.x before 3.6.7 and Thunderbird 3.1.x before 3.1.1 do not properly implement access to a content object through a SafeJSObjectWrapper (aka SJOW) wrapper, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges by leveraging "access to an object from the chrome scope."
Weaknesses
- CWE-94
- Improper Control of Generation of Code ('Code Injection')
- CVE Status
- PUBLISHED
- CNA
- MITRE
- Published Date
-
2010-07-30 20:30:01
(14 years ago) - Updated Date
-
2017-09-19 01:30:37
(7 years ago)
Affected Products
Loading...
Loading...
Loading...
Configuration #1
|
Configuration #2
|
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...