XSS using a chrome XBL method and window.eval
- February 3, 2009
- Fixed in
- Firefox 3.0.6
Mozilla security researcher moz_bug_r_a4 reported
that a chrome XBL method can be used in conjuction
the context of another website, violating the same origin policy.
Firefox 2 releases are not affected.