• Security Center
  • Security Advisories
  • Known Vulnerabilities
  • Bug Bounty
  • Security Blog

You are here: Security Center > Mozilla Foundation Security Advisories > MFSA 2012-68

Mozilla Foundation Security Advisory 2012-68

Title: DOMParser loads linked resources in extensions when parsing text/html
Impact: Moderate
Announced: August 28, 2012
Reporter: vsemozhetbyt
Products: Firefox, Thunderbird, SeaMonkey

Fixed in: Firefox 15
  Thunderbird 15
  SeaMonkey 2.12

Description

Security researcher vsemozhetbyt reported that when the DOMParser is used to parse text/html data in a Firefox extension, linked resources within this HTML data will be loaded. If the data being parsed in the extension is untrusted, it could lead to information leakage and can potentially be combined with other attacks to become exploitable.

References

• DOMParser does subresource loads when used from privileged code
• CVE-2012-3975