Computer Security

Security Advisory: Mozilla Foundation Security Advisory 2008-22
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



Related information

  Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities

  Mozilla Foundation Security Advisory 2008-33

  Mozilla Foundation Security Advisory 2008-32

  Mozilla Foundation Security Advisory 2008-31

  Mozilla Foundation Security Advisory 2008-30

From:MOZILLA
Date:03.07.2008
Subject:Mozilla Foundation Security Advisory 2008-22

Mozilla Foundation Security Advisory 2008-22

Title: XSS through JavaScript same-origin violation
Impact: High
Announced: July 1, 2008
Reporter: moz_bug_r_a4
Products: Firefox, SeaMonkey

Fixed in: Firefox 3.0
 Firefox 2.0.0.15
 SeaMonkey 1.1.10
Description

Mozilla contributor moz_bug_r_a4 submitted a set of vulnerabilities which allow scripts from one document to be executed in the context of a different document. These vulnerabilities could be used by an attacker to violate the same-origin policy and perform an XSS attack against arbitrary sites, potentially stealing or manipulating the user's private information on the victim site.
Workaround

Disable JavaScript until a version containing these fixes can be installed.
References

   * JavaScript privilege escalation bugs
   * CVE-2008-2800

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
 


Рейтинг@Mail.ru