Your system may not meet the requirements for Firefox, but you can try one of these versions:

Your system doesn't meet the requirements to run Firefox.

Your system doesn't meet the requirements to run Firefox.

Please follow these instructions to install Firefox.

Firefox Privacy Notice

Mozilla Foundation Security Advisory 2009-40

Multiple cross origin wrapper bypasses

Announced
July 21, 2009
Reporter
moz_bug_r_a4
Impact
High
Products
Firefox
Fixed in
  • Firefox 3.0.12
  • Firefox 3.5

Description

Mozilla security researcher moz_bug_r_a4 reported a series of vulnerabilities in which objects that normally receive a XPCCrossOriginWrapper are constructed without the wrapper. This can lead to cases where JavaScript from one website may unsafely access properties of such an object which had been set by a different website. A malicious website could use this vulnerability to launch a XSS attack and run arbitrary JavaScript within the context of another site.

Workaround

Disable JavaScript until a version containing this fix can be installed.

References