Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The XPCVariant::VariantDataToJS function in the XPCOM implementation in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 does not enforce intended restrictions on interaction between chrome privileged code and objects obtained from remote web sites, which allows remote attackers to execute arbitrary JavaScript with chrome privileges via unspecified method calls, related to "doubly-wrapped objects."
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Mozilla Firefox的 XPCOM Utility Chrome 权限提升漏洞
Vulnerability Description
Mozilla Firefox,中文名为火狐,是由Mozilla基金会与开源团体共同开发的网页浏览器。 Mozilla Firefox存在XPCOM Utility Chrome 权限提升漏洞。由于Mozilla Firefox的XPCOM组建的XPCVariant::VariantDataToJS函数没有实施在chrome特权代码和从远程网站获得的对象间的预设限制,具有chrome权限的远程攻击者可以借助与“双重包装对象”相关的未明方法调用,执行任意JavaScript代码。
CVSS Information
N/A
Vulnerability Type
N/A