CVE-2009-2472

Mozilla Firefox <3.0.12 - XSS

Title source: llm

Description

Mozilla Firefox before 3.0.12 does not always use XPCCrossOriginWrapper when required during object construction, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via a crafted document, related to a "cross origin wrapper bypass."

References (18)

Scores

EPSS 0.0070
EPSS Percentile 71.8%

Classification

CWE
CWE-79
Status published

Affected Products (11)

mozilla/firefox < 3.0.12
fedoraproject/fedora
suse/linux_enterprise_debuginfo
suse/linux_enterprise_debuginfo
opensuse/opensuse
opensuse/opensuse
suse/linux_enterprise_desktop
suse/linux_enterprise_desktop
suse/linux_enterprise_server
suse/linux_enterprise_server
n/a/n/a

Timeline

Published Jul 22, 2009
Tracked Since Feb 18, 2026