Mozilla Foundation Security Advisory 2009-19
Title: Same-origin violations in XMLHttpRequest and XPCNativeWrapper.toString
Impact: High
Announced: April 21, 2009
Reporter: moz_bug_r_a4
Products: Firefox, Thunderbird, SeaMonkey
Fixed in: Firefox 3.0.9

Description
moz_bug_r_a4 separately reported that XPCNativeWrapper.toString's proto comes from the wrong scope, which results in calls to that function being executed in the wrong context in certain circumstances. An attacker could use this vulnerability to run arbitrary code within the context of a different site. Alternatively, if chrome were to call content.toString.call(), then attacker-defined functions could be run with chrome privileges.
* Same-origin violations
* CVE-2009-1309