Mozilla Firefox cross domain access

2007-02-27T00:00:00
ID SECURITYVULNS:VULN:7238
Type securityvulns
Reporter BUGTRAQ
Modified 2007-02-27T00:00:00

Description

By using location.hostname='evil.com\x00foo.example.com' in javascript it's possible to make request for foo.example.com domain to be sent to evil.com. It makes it possible cross-domain access. Vulnerability can be used for hidden malware installation.