Mozilla Cross Domain getter/setter Execution

2001-07-29T23:27:00
ID OSVDB:8388
Type osvdb
Reporter Jesse Ruderman(jruderman@gmail.com)
Modified 2001-07-29T23:27:00

Description

Vulnerability Description

Mozilla contains a flaw that may allow a malicious user to execute cross domain scripting attacks. The issue is triggered when custom getter/setter objects occur across different domains occurs. It is possible that the flaw may allow a script to gain access to attributes in a different frame or iframe resulting in a loss of integrity.

Solution Description

Upgrade to version 1.4 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

Mozilla contains a flaw that may allow a malicious user to execute cross domain scripting attacks. The issue is triggered when custom getter/setter objects occur across different domains occurs. It is possible that the flaw may allow a script to gain access to attributes in a different frame or iframe resulting in a loss of integrity.

References:

Vendor Specific Advisory URL Vendor Specific Advisory URL Bugtraq ID: 9328