SECURITYVULNS:DOC:22202
Jul 22, 2009 - 12:00 a.m.

Mozilla Foundation Security Advisory 2009-40

Title: Multiple cross origin wrapper bypasses
Impact: High
Announced: July 21, 2009
Reporter: moz_bug_r_a4
Products: Firefox

Fixed in: Firefox 3.5
          Firefox 3.0.12

Description

Mozilla security researcher moz_bug_r_a4 reported a series of vulnerabilities in which objects that normally receive an XPCCrossOriginWrapper are constructed without the wrapper. This can lead to cases where JavaScript from one website may unsafely access properties of such an object which had been set by a different website. A malicious website could use this vulnerability to launch an XSS attack and run arbitrary JavaScript within the context of another site.
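
An added example, not from the advisory or from Mozilla's code: a simplified JavaScript model of what a cross-origin wrapper enforces, plus a regression-style check that flags any path handing out an object without it. The Proxy-based `wrapForCaller`, the allowlist, the origins and the path names are all assumptions made for illustration.

```javascript
// Simplified model of a cross-origin wrapper; not Gecko's implementation.
// ALLOWED_CROSS_ORIGIN is a hypothetical allowlist chosen for this example.
const ALLOWED_CROSS_ORIGIN = new Set(["closed", "postMessage"]);

// Hypothetical helper: return what code running as callerOrigin should receive
// when it obtains a reference to an object owned by ownerOrigin.
function wrapForCaller(target, ownerOrigin, callerOrigin) {
  if (ownerOrigin === callerOrigin) return target; // same origin: direct access
  const deny = (op, prop) => {
    throw new Error(`Permission denied to ${op} property ${String(prop)}`);
  };
  return new Proxy(target, {
    get(t, prop) {
      if (!ALLOWED_CROSS_ORIGIN.has(prop)) deny("get", prop);
      const value = Reflect.get(t, prop);
      return typeof value === "function" ? value.bind(t) : value;
    },
    set(t, prop) { deny("set", prop); },
    defineProperty(t, prop) { deny("define", prop); },
    deleteProperty(t, prop) { deny("delete", prop); },
  });
}

// Regression-style check: probe every hand-out path with a canary property
// that only the owning origin should be able to read.
function findUnwrappedPaths(paths, ownerOrigin, callerOrigin) {
  const leaks = [];
  for (const [name, handOut] of Object.entries(paths)) {
    const owned = { closed: false, canary: "owner-only" }; // constructed sample
    const received = handOut(owned, ownerOrigin, callerOrigin);
    try {
      if (received.canary === "owner-only") leaks.push(name);
    } catch (e) {
      // Access denied: this path applied the wrapper.
    }
  }
  return leaks;
}

// Constructed hand-out paths; both names are hypothetical.
const handOutPaths = {
  viaWrapper: wrapForCaller,
  viaForgottenWrap: (target) => target, // object constructed without the wrapper
};

console.log(findUnwrappedPaths(handOutPaths, "https://a.example", "https://b.example"));
```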

Workaround

Disable JavaScript until a version containing this fix can be installed.

References

* Cross origin wrapper bypass bugs
* CVE-2009-2472