You are here: Known Vulnerabilities in Mozilla Products (Firefox 184.108.40.206) > MFSA 2006-72
Mozilla Foundation Security Advisory 2006-72
Announced: December 19, 2006
Products: Firefox, Thunderbird, SeaMonkey
Fixed in: Firefox 220.127.116.11
moz_bug_r_a4 reported that the
src attribute of an
to bypass the protections against cross-site script (XSS) injection.
The injected script could steal credentials and financial data, or perform
destructive actions on behalf of a logged-in user.
Exploit details withheld until after the active update period.