Download Firefox

Firefox is no longer supported on Windows 8.1 and below.

Please download Firefox ESR (Extended Support Release) to use Firefox.

Firefox is no longer supported on macOS 10.14 and below.

Please download Firefox ESR (Extended Support Release) to use Firefox.

Firefox Privacy Notice

Mozilla Foundation Security Advisory 2009-61

Cross-origin data theft through document.getSelection()

Announced
October 27, 2009
Reporter
Gregory Fleischer
Impact
Moderate
Products
Firefox
Fixed in
  • Firefox 3.0.15
  • Firefox 3.5.4

This vulnerability does not affect products based on the older Gecko 1.8 engine such as Firefox 2 or SeaMonkey 1.1

Description

Security researcher Gregory Fleischer reported that text within a selection on a web page can be read by JavaScript in a different domain using the document.getSelection function, violating the same-origin policy. Since this vulnerability requires user interaction to exploit, its severity was determined to be moderate.

References