XSS through JavaScript same-origin violation

2008-07-01T00:00:00
ID MFSA2008-22
Type mozilla
Reporter Mozilla Foundation
Modified 2008-07-01T00:00:00

Description

Mozilla contributor moz_bug_r_a4 submitted a set of vulnerabilities which allow scripts from one document to be executed in the context of a different document. These vulnerabilities could be used by an attacker to violate the same-origin policy and perform an XSS attack against arbitrary sites, potentially stealing or manipulating the user's private information on the victim site.