Mozilla Foundation Security Advisory 2008-28

Arbitrary socket connections with Java LiveConnect on Mac OS X

Announced: July 1, 2008
Reporter: Gregory Fleischer
Impact: High
Products: Firefox, SeaMonkey
Fixed in:
  • Firefox 2.0.0.15
  • Firefox 3
  • SeaMonkey 1.1.10

Description

Security researcher Gregory Fleischer reported a vulnerability in the way Mozilla indicates the origin of a document to the Java Embedding Plugin (JEP) that ships with Firefox on Mac OS X. This vulnerability could allow a malicious Java applet to bypass the same-origin policy and create arbitrary socket connections to other domains.

Workaround

Disable Java on Mac OS X until a version containing these fixes can be installed.
