Security Advisory

CVE-2012-4208

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2012-11-21 11:00:00

Last updated 2024-08-06 20:28:07

Assigner mitre

State PUBLISHED

Description

The XrayWrapper implementation in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 does not consider the compartment during property filtering, which allows remote attackers to bypass intended chrome-only restrictions on reading DOM object properties via a crafted web site.

← Browse all CVEs View on cve.org ↗