Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The nsDocument::SetScriptGlobalObject function in content/base/src/nsDocument.cpp in Mozilla Firefox 3.5.x before 3.5.2, when certain add-ons are enabled, does not properly handle a Link HTTP header, which allows remote attackers to execute arbitrary JavaScript with chrome privileges via a crafted web page, related to an incorrect security wrapper.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Mozilla Firefox错误缓存wrapper Chrome权限提升漏洞
Vulnerability Description
Firefox是Mozilla所发布的开源WEB浏览器。 如果对Firefox安装了以JavaScript实现内容策略的附加附件(如AdBlock Plus或NoScript),包含有Link: HTTP头的网页可能导致窗口的全局对象接收错误的安全wrapper。用户受骗访问了恶意网页就会导致以chrome权限执行任意JavaScript。
CVSS Information
N/A
Vulnerability Type
N/A