You are here: Security Center > Mozilla Foundation Security Advisories > MFSA 2009-40
Mozilla Foundation Security Advisory 2009-40
Title: Multiple cross origin wrapper bypasses
Impact: High
Announced: July 21, 2009
Reporter: moz_bug_r_a4
Products: Firefox
Fixed in: Firefox 3.5
Firefox 3.0.12
Description
Mozilla security researcher moz_bug_r_a4 reported
a series of vulnerabilities in which objects that normally receive
a XPCCrossOriginWrapper
are constructed without the
wrapper. This can lead to cases where JavaScript from one website may
unsafely access properties of such an object which had been set by a
different website. A malicious website could use this vulnerability
to launch a XSS attack and run arbitrary JavaScript within the context
of another site.
Workaround
Disable JavaScript until a version containing this fix can be installed.