Mozilla Foundation Security Advisory 2010-24

2010-04-06T00:00:00
ID SECURITYVULNS:DOC:23563
Type securityvulns
Reporter Securityvulns
Modified 2010-04-06T00:00:00

Description

Mozilla Foundation Security Advisory 2010-24

Title: XMLDocument::load() doesn't check nsIContentPolicy Impact: Low Announced: March 30, 2010 Reporter: Wladimir Palant Products: Firefox, Thunderbird, SeaMonkey

Fixed in: Firefox 3.6.2 Firefox 3.5.9 Thunderbird 3.0.4 SeaMonkey 2.0.4 Description

Mozilla community member Wladimir Palant reported that XML documents were failing to call certain security checks when loading new content. This could result in certain resources being loaded that would otherwise violate security policies set by the browser or installed add-ons.

This issue has not been fixed in Firefox 3.0 References

* https://bugzilla.mozilla.org/show_bug.cgi?id=490790
* CVE-2010-0182