You are here: Security Center > Mozilla Foundation Security Advisories > MFSA 2011-28

Mozilla Foundation Security Advisory 2011-28

Title: Non-whitelisted site can trigger xpinstall
Impact: Low
Announced: June 21, 2011
Reporter: moz_bug_r_a4
Products: Firefox, SeaMonkey

Fixed in: Firefox 5
SeaMonkey 2.2

Description

Mozilla security researcher moz_bug_r_a4 reported that it was possible for a non-whitelisted site to trigger an install dialog for add-ons and themes.

This vulnerability was introduced in the browser engine used by Firefox 4 and SeaMonkey 2.1; it does not affect earlier versions.

References