Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Mozilla Firefox 3.0.x before 3.0.18, 3.5.x before 3.5.8, and 3.6.x before 3.6.2; Thunderbird before 3.0.2; and SeaMonkey before 2.0.3 allow remote attackers to perform cross-origin keystroke capture, and possibly conduct cross-site scripting (XSS) attacks, by using the addEventListener and setTimeout functions in conjunction with a wrapped object. NOTE: this vulnerability exists because of an incomplete fix for CVE-2007-3736.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Mozilla Firefox addEventListener和setTimeout 跨站脚本攻击漏洞
Vulnerability Description
Mozilla Firefox是美国Mozilla基金会开发的一款开源Web浏览器。 Firefox的addEventListener和setTimeout实现中存在安全漏洞,用户可以通过使用包装的对象绕过MFSA 2007-19所提供的修复执行跨站脚本攻击;由于Firefox 3.6浏览器引擎中的更改,对这个版本的攻击仅限于从跨来源帧或窗口捕获键盘敲击事件。
CVSS Information
N/A
Vulnerability Type
N/A