CVE-2013-1670

Priority
Description
The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before
21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and
Thunderbird ESR 17.x before 17.0.6 does not prevent acquisition of chrome
privileges during calls to content level constructors, which allows remote
attackers to bypass certain read-only restrictions and conduct cross-site
scripting (XSS) attacks via a crafted web site.
Assigned-to
chrisccoulson
Notes
Package
Upstream:released (21.0)
Package
Upstream:needs-triage
Package
Priority: Low
Upstream:released (17.0.6)
Package
Upstream:needs-triage
More Information

Updated: 2020-09-10 02:34:12 UTC (commit 81a23a978c4436cd99e1d040e9e73e9146876281)