Security Advisory

CVE-2009-2665

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2009-08-04 16:13:00

Last updated 2024-08-07 05:59:56

Assigner mitre

State PUBLISHED

Description

The nsDocument::SetScriptGlobalObject function in content/base/src/nsDocument.cpp in Mozilla Firefox 3.5.x before 3.5.2, when certain add-ons are enabled, does not properly handle a Link HTTP header, which allows remote attackers to execute arbitrary JavaScript with chrome privileges via a crafted web page, related to an incorrect security wrapper.

← Browse all CVEs View on cve.org ↗