Related information

Mozilla Firefox / Seamonkey multiple security vulnerabilities

Context IS Advisory - Autocomplete Data Theft in Mozilla Firefox

iDefense Security Advisory 10.28.09: Mozilla Firefox GIF Color Map Parsing Buffer Overflow Vulnerability

Secunia Research: Mozilla Firefox Floating Point Memory Allocation Vulnerability

Mozilla Firefox 3.5.3 Local Download Manager Exploit

From:	MOZILLA
Date:	28.10.2009
Subject:	Mozilla Foundation Security Advisory 2009-61

Mozilla Foundation Security Advisory 2009-61

Title: Cross-origin data theft through document.getSelection()
Impact: Moderate
Announced: October 27, 2009
Reporter: Gregory Fleischer
Products: Firefox 3

Fixed in: Firefox 3.5.4
 Firefox 3.0.15

This vulnerability does not affect products based on the older Gecko 1.8 engine such as Firefox 2 or SeaMonkey 1.1
Description

Security researcher Gregory Fleischer reported that text within a selection on a web page can be read by JavaScript in a different domain using the document.getSelection function, violating the same-origin policy. Since this vulnerability requires user interaction to exploit, its severity was determined to be moderate.
References

   * https://bugzilla.mozilla.org/show_bug.cgi?id=503226
   * CVE-2009-3375