You are here: Known Vulnerabilities in Mozilla Products (Firefox 18.104.22.168) > MFSA 2008-28
Mozilla Foundation Security Advisory 2008-28
Title: Arbitrary socket connections with Java LiveConnect on Mac OS X
Announced: July 1, 2008
Reporter: Gregory Fleischer
Products: Firefox, SeaMonkey
Fixed in: Firefox 3.0
Security researcher Gregory Fleischer reported a vulnerability in the way Mozilla indicates the origin of a document to the Java Embedding Plugin (JEP) that ships with Firefox on Mac OS X. This vulnerability could allow a malicious Java applet to bypass the same-origin policy and create arbitrary socket connections to other domains.
Disable Java on Mac OS X until a version containing these fixes can be installed.