XSS vulnerabilities has been fixed in Firefox 16.0.2

Sponsored Links
Mozilla has released updated versions of Firefox, Thunderbird, SeaMonkey that close three critical vulnerabilities related to the Location object .

Vulnerability details:
CVE-2012-4194:
The vulnerability allows attacker to use the valueOf method combined with some plugins to perform a XSS attack on users.

CVE-2012-4195:
CheckURL function in window.location can be forced to return the wrong calling document and principal, results in XSS attack

CVE-2012-4196
Allow an outsider to bypass security wrapper protections on the Location object, allowing the cross-origin reading of the Location object

The vulnerabilities has been fixed in Firefox 16.0.2, Firefox ESR 10.0.10, Thunderbird 16.0.2, Thunderbird ESR 10.0.10 and SeaMonkey 2.13.2.
Category: /

Share this with Your friends: