The Reader mode feature in Mozilla Firefox prior to 37.0.1 on Android, and Desktop Firefox pre-release, does not properly handle privileged URLs, which makes it easier for remote malicious users to execute arbitrary JavaScript code with chrome privileges by leveraging the ability to bypass the Same Origin Policy.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
oracle solaris 11.3 |
||
mozilla firefox |