Mozilla Foundation Security Advisory 2010-24
Title: XMLDocument::load() doesn't check nsIContentPolicy Impact: Low Announced: March 30, 2010 Reporter: Wladimir Palant Products: Firefox, Thunderbird, SeaMonkey
Fixed in: Firefox 3.6.2 Firefox 3.5.9 Thunderbird 3.0.4 SeaMonkey 2.0.4 Description
Mozilla community member Wladimir Palant reported that XML documents were failing to call certain security checks when loading new content. This could result in certain resources being loaded that would otherwise violate security policies set by the browser or installed add-ons.
This issue has not been fixed in Firefox 3.0 References
* https://bugzilla.mozilla.org/show_bug.cgi?id=490790 * CVE-2010-0182