Non-whitelisted site can trigger xpinstall
- June 21, 2011
- Firefox, SeaMonkey
- Fixed in
- Firefox 5
- SeaMonkey 2.2
Mozilla security researcher moz_bug_r_a4 reported that it was possible for a non-whitelisted site to trigger an install dialog for add-ons and themes.
This vulnerability was introduced in the browser engine used by Firefox 4 and SeaMonkey 2.1; it does not affect earlier versions.