Mozilla Foundation Security Advisory 2009-18
XSS hazard using third-party stylesheets and XBL bindings
- Announced: April 21, 2009
- Reporter: Cefn Hoile
- Fixed in: Firefox 3.0.9
Web developer Cefn Hoile reported that sites that allow users to embed third-party stylesheets are vulnerable to script injection attacks using XBL bindings. Although this behavior had been documented previously, Mozilla determined that the risk was not well understood by some websites. To mitigate it, Mozilla added a restriction requiring XBL bindings to come from the same origin as the bound document.
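The same-origin rule described above, as an added example that is not code from Mozilla or from the advisory: a server-side check that a site accepting user-supplied stylesheets could run before serving them, flagging or removing any XBL binding whose URL does not share the bound document's origin. It assumes the binding is attached through the `-moz-binding` CSS property (the Gecko property that referenced XBL bindings); the stylesheet text and the URLs are constructed sample data, not taken from the advisory.

```javascript
// Added example, not part of MFSA 2009-18. Mirrors the restriction Firefox
// 3.0.9 introduced: an XBL binding attached via the -moz-binding CSS property
// must come from the same origin as the document it is bound to.
// All stylesheet text and URLs below are constructed sample data.

// Matches "-moz-binding: url(<ref>)" with an optional quoted reference and an
// optional trailing semicolon, so a declaration can be removed cleanly.
const BINDING_DECL = /-moz-binding\s*:\s*url\(\s*(['"]?)([^'")]+)\1\s*\)\s*;?/gi;

// Constructed sample: a user-contributed theme mixing a relative (same-origin)
// binding, a cross-origin binding, and a commented-out declaration.
const SAMPLE_CSS = `
.widget { color: #333; }
.widget .title { -moz-binding: url(bindings.xml#title); }
.widget .body  { -moz-binding: url("https://third-party.example/x.xml#b"); }
/* .old { -moz-binding: url(legacy.xml#o); } */
`;

// Return every XBL binding URL referenced by a stylesheet, resolved against the
// stylesheet's own URL so relative references are compared correctly.
// Comments are stripped first so commented-out declarations are not reported.
function findBindingUrls(cssText, stylesheetUrl) {
  const stripped = cssText.replace(/\/\*[\s\S]*?\*\//g, '');
  const urls = [];
  for (const m of stripped.matchAll(BINDING_DECL)) {
    try {
      urls.push(new URL(m[2].trim(), stylesheetUrl).href);
    } catch {
      urls.push(null); // unparsable reference: treated as not same-origin
    }
  }
  return urls;
}

// Classify each binding against the origin of the document that would be bound.
function checkBindings(cssText, stylesheetUrl, documentUrl) {
  const docOrigin = new URL(documentUrl).origin;
  return findBindingUrls(cssText, stylesheetUrl).map((href) => ({
    href,
    sameOrigin: href !== null && new URL(href).origin === docOrigin,
  }));
}

// Defensive rewrite: drop every -moz-binding declaration whose target is not
// same-origin (or cannot be resolved); all other CSS is left untouched.
function stripCrossOriginBindings(cssText, stylesheetUrl, documentUrl) {
  const docOrigin = new URL(documentUrl).origin;
  return cssText.replace(BINDING_DECL, (decl, _quote, ref) => {
    try {
      return new URL(ref.trim(), stylesheetUrl).origin === docOrigin ? decl : '';
    } catch {
      return '';
    }
  });
}

if (typeof require !== 'undefined' && require.main === module) {
  const sheet = 'https://site.example/themes/user.css';
  const page = 'https://site.example/profile';
  console.log(JSON.stringify(checkBindings(SAMPLE_CSS, sheet, page), null, 2));
  console.log(stripCrossOriginBindings(SAMPLE_CSS, sheet, page));
}
```

Resolving relative references against the stylesheet URL rather than the document URL matters: a stylesheet hosted on a third-party origin can reference a binding relatively, and the resolved origin is then the third party's, which is exactly the case the restriction blocks.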