Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Mozilla Firefox before 37.0 relies on docshell type information instead of page principal information for Window.webidl access control, which might allow remote attackers to execute arbitrary JavaScript code with chrome privileges via certain content navigation that leverages the reachability of a privileged window with an unintended persistence of access to restricted internal methods.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Mozilla Firefox 权限许可和访问控制漏洞
Vulnerability Description
Mozilla Firefox是美国Mozilla基金会开发的一款开源Web浏览器。 Mozilla Firefox 36.0.4及之前版本中存在安全漏洞,该漏洞源于程序根据docshell类型信息控制Window.webidl访问权限。远程攻击者可借助特定的内容导航利用该漏洞以chrome权限执行任意JavaScript代码。
CVSS Information
N/A
Vulnerability Type
N/A