Mozilla Foundation Security Advisory 2008-69
XSS vulnerabilities in SessionStore
- December 16, 2008
- Fixed in
- Firefox 220.127.116.11
- Firefox 3.0.5
Mozilla security researcher moz_bug_r_a4 reported vulnerabilities in the session-restore feature by which content could be injected into an incorrect document storage location, including storage locations for other domains. An attacker could utilize these issues to violate the browser's same-origin policy and perform an XSS attack while SessionStore data is being restored.