logo
DATABASE RESOURCES PRICING ABOUT US

Mozilla Foundation Security Advisory 2010-69

Description

Mozilla Foundation Security Advisory 2010-69 Title: Cross-site information disclosure via modal calls Impact: High Announced: October 19, 2010 Reporter: Eduardo Vela Nava Products: Firefox, Thunderbird, SeaMonkey Fixed in: Firefox 3.6.11 Firefox 3.5.14 Thunderbird 3.1.5 Thunderbird 3.0.9 SeaMonkey 2.0.9 Description Security researcher Eduardo Vela Nava reported that if a web page opened a new window and used a javascript: URL to make a modal call, such as alert(), then subsequently navigated the page to a different domain, once the modal call returned the opener of the window could get access to objects in the navigated window. This is a violation of the same-origin policy and could be used by an attacker to steal information from another web site. References * https://bugzilla.mozilla.org/show_bug.cgi?id=576616 * CVE-2010-3178


Related