You are here: Security Center > Mozilla Foundation Security Advisories > MFSA 2012-32

Mozilla Foundation Security Advisory 2012-32

Title: HTTP Redirections and remote content can be read by javascript errors
Impact: Moderate
Announced: April 24, 2012
Reporter: Daniel Divricean
Products: Firefox, Thunderbird, SeaMonkey

Fixed in: Firefox 12.0
  Thunderbird 12.0
  SeaMonkey 2.9

Description

Security researcher Daniel Divricean reported that a defect in the error handling of javascript errors can leak the file names and location of javascript files on a server, leading to inadvertent information disclosure and a vector for further attacks.

References