Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allow remote attackers to conduct cross-site scripting (XSS) attacks via a binary plugin that uses Object.defineProperty to shadow the top object, and leverages the relationship between top.location and the location property.
About The Author
Related Posts
CVE-2018-8781 (debian_linux, enterprise_linux_desktop, enterprise_linux_server, enterprise_linux_workstation, linux_kernel, ubuntu_linux)
February 24, 2023