Same Origin Policy Bypass and Arbitrary JavaScript Execution in Mozilla Firefox, SeaMonkey, and Thunderbird

Same Origin Policy Bypass and Arbitrary JavaScript Execution in Mozilla Firefox, SeaMonkey, and Thunderbird

CVE-2011-2981 · HIGH Severity

AV:N/AC:M/AU:N/C:C/I:C/A:C

The event-management implementation in Mozilla Firefox before 3.6.20, SeaMonkey 2.x, Thunderbird 3.x before 3.1.12, and possibly other products does not properly select the context for script to run in, which allows remote attackers to bypass the Same Origin Policy or execute arbitrary JavaScript code with chrome privileges via a crafted web site.

Learn more about our Cis Benchmark Audit For Google Chrome.