Lucene search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:21300
HistoryFeb 05, 2009 - 12:00 a.m.

Mozilla Foundation Security Advisory 2009-02

2009-02-0500:00:00
vulners.com
16

Mozilla Foundation Security Advisory 2009-02

Title: XSS using a chrome XBL method and window.eval
Impact: High
Announced: February 3, 2009
Reporter: moz_bug_r_a4
Products: Firefox 3

Fixed in: Firefox 3.0.6
Description

Mozilla security researcher moz_bug_r_a4 reported that a chrome XBL method can be used in conjuction with window.eval to execute arbitrary JavaScript within the context of another website, violating the same origin policy.

Firefox 2 releases are not affected.
Workaround

Disable JavaScript until a version containing these fixes can be installed.
References

* https://bugzilla.mozilla.org/show_bug.cgi?id=468581
* CVE-2009-0354
Related for SECURITYVULNS:DOC:21300