Mozilla Foundation Security Advisory 2012-32

HTTP Redirections and remote content can be read by javascript errors

Announced
April 24, 2012
Reporter
Daniel Divricean
Impact
Moderate
Products
Firefox, SeaMonkey, Thunderbird
Fixed in
  • Firefox 12
  • SeaMonkey 2.9
  • Thunderbird 12

Description

Security researcher Daniel Divricean reported that a defect in the error handling of javascript errors can leak the file names and location of javascript files on a server, leading to inadvertent information disclosure and a vector for further attacks.

References