The E4X implementation in Mozilla Firefox prior to 1.5.0.1, Thunderbird 1.5 if running Javascript in mail, and SeaMonkey prior to 1.0 exposes the internal "AnyName" object to external interfaces, which allows multiple cooperating domains to exchange information in violation of the same origin restrictions.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mozilla firefox 1.5 |
||
mozilla seamonkey 1.0 |
||
mozilla thunderbird 1.5 |