Mozilla Foundation Security Advisory 2011-08

2011-03-03T00:00:00
ID SECURITYVULNS:DOC:25844
Type securityvulns
Reporter Securityvulns
Modified 2011-03-03T00:00:00

Description

Mozilla Foundation Security Advisory 2011-08

Title: ParanoidFragmentSink allows javascript: URLs in chrome documents Impact: Moderate Announced: March 1, 2011 Reporter: Roberto Suggi Liverani Products: Firefox, Thunderbird, SeaMonkey

Fixed in: Firefox 3.6.14 Firefox 3.5.17 Thunderbird 3.1.8 SeaMonkey 2.0.12 Description

Mozilla security developer Roberto Suggi Liverani reported that ParanoidFragmentSink, a class used to sanitize potentially unsafe HTML for display, allows javascript: URLs and other inline JavaScript when the embedding document is a chrome document. While there are no unsafe uses of this class in any released products, extension code could have potentially used it in an unsafe manner. References

* https://bugzilla.mozilla.org/show_bug.cgi?id=562547
* CVE-2010-1585