Mozilla Foundation Security Advisory 2008-22

XSS through JavaScript same-origin violation

Announced
July 1, 2008
Reporter
moz_bug_r_a4
Impact
High
Products
Firefox, SeaMonkey
Fixed in
  • Firefox 2.0.0.15
  • Firefox 3
  • SeaMonkey 1.1.10

Description

Mozilla contributor moz_bug_r_a4 submitted a set of vulnerabilities which allow scripts from one document to be executed in the context of a different document. These vulnerabilities could be used by an attacker to violate the same-origin policy and perform an XSS attack against arbitrary sites, potentially stealing or manipulating the user's private information on the victim site.

Workaround

Disable JavaScript until a version containing these fixes can be installed.

References