You are here: Security Center > Mozilla Foundation Security Advisories > MFSA 2010-24

Mozilla Foundation Security Advisory 2010-24

Title: XMLDocument::load() doesn't check nsIContentPolicy
Impact: Low
Announced: March 30, 2010
Reporter: Wladimir Palant
Products: Firefox, Thunderbird, SeaMonkey

Fixed in: Firefox 3.6.2
  Firefox 3.5.9
  Thunderbird 3.0.4
  SeaMonkey 2.0.4

Description

Mozilla community member Wladimir Palant reported that XML documents were failing to call certain security checks when loading new content. This could result in certain resources being loaded that would otherwise violate security policies set by the browser or installed add-ons.

This issue has not been fixed in Firefox 3.0

References