Securityvulns SECURITYVULNS:DOC:20109
Jul 03, 2008 - 12:00 a.m.

Mozilla Foundation Security Advisory 2008-22

Title: XSS through JavaScript same-origin violation
Impact: High
Announced: July 1, 2008
Reporter: moz_bug_r_a4
Products: Firefox, SeaMonkey

Fixed in: Firefox 3.0
          Firefox 2.0.0.15
          SeaMonkey 1.1.10

Description

Mozilla contributor moz_bug_r_a4 submitted a set of vulnerabilities which allow scripts from one document to be executed in the context of a different document. These vulnerabilities could be used by an attacker to violate the same-origin policy and perform an XSS attack against arbitrary sites, potentially stealing or manipulating the user's private information on the victim site.

Workaround

Disable JavaScript until a version containing these fixes can be installed.

References

* JavaScript privilege escalation bugs
* CVE-2008-2800