Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Mozilla Firefox before 26.0 and SeaMonkey before 2.23 do not properly consider the sandbox attribute of an IFRAME element during processing of a contained OBJECT element, which allows remote attackers to bypass intended sandbox restrictions via a crafted web site.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Mozilla Firefox/SeaMonkey 权限许可和访问控制问题漏洞
Vulnerability Description
Mozilla Firefox和SeaMonkey都是由美国Mozilla基金会开发。Firefox是一款开源Web浏览器。SeaMonkey是一套免费、开源以及跨平台的网络套装软件。 Mozilla Firefox 25.0.1及之前的版本和SeaMonkey 2.23.beta2及之前的版本中存在权限许可和访问控制漏洞,该漏洞源于IFRAME元素的沙箱属性限制不适用于包含在沙箱的iframe中的‘object’元素。远程攻击者可借助特制的网站利用该漏洞绕过既定的沙盒限制。
CVSS Information
N/A
Vulnerability Type
N/A