Mozilla Firefox before 34.0 and SeaMonkey before 2.31 provide stylesheets with an incorrect primary namespace, which allows remote attackers to bypass intended access restrictions via an XBL binding.
2014-12-11T11:59:02.993
2025-04-12T10:46:40.837
Deferred
CVSSv2: 6.8 (MEDIUM)
AV:N/AC:M/Au:N/C:P/I:P/A:P
8.6
6.4
Type | Vendor | Product | Version/Range | Vulnerable? |
---|---|---|---|---|
Application | mozilla | firefox | ≤ 33.0 | Yes |
Application | mozilla | seamonkey | ≤ 2.30 | Yes |