CVE-2010-1215
CVE-2010-1215 · MEDIUM Severity
AV:N/AC:M/AU:N/C:P/I:P/A:P
Mozilla Firefox 3.6.x before 3.6.7 and Thunderbird 3.1.x before 3.1.1 do not properly implement access to a content object through a SafeJSObjectWrapper (aka SJOW) wrapper, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges by leveraging "access to an object from the chrome scope."
Learn more about our Cis Benchmark Audit For Google Chrome.