Mozilla Foundation Security Advisory 2012-70
Location object security checks bypassed by chrome code
- Announced
- August 28, 2012
- Reporter
- moz_bug_r_a4
- Impact
- High
- Products
- Firefox, Firefox ESR, SeaMonkey, Thunderbird, Thunderbird ESR
- Fixed in
-
- Firefox 15
- Firefox ESR 10.0.7
- SeaMonkey 2.12
- Thunderbird 15
- Thunderbird ESR 10.0.7
Description
Mozilla security researcher moz_bug_r_a4 reported that
certain security checks in the location object can be bypassed if chrome code is
called content in a specific manner. This allowed for the loading of restricted
content. This can be combined with other issues to become potentially
exploitable.
References