XSS vulnerabilities has been fixed in Firefox 16.0.2

Mozilla has released updated versions of Firefox, Thunderbird, SeaMonkey that close three critical vulnerabilities related to the Location object .

Vulnerability details:
The vulnerability allows attacker to use the valueOf method combined with some plugins to perform a XSS attack on users.

CheckURL function in window.location can be forced to return the wrong calling document and principal, results in XSS attack

Allow an outsider to bypass security wrapper protections on the Location object, allowing the cross-origin reading of the Location object

The vulnerabilities has been fixed in Firefox 16.0.2, Firefox ESR 10.0.10, Thunderbird 16.0.2, Thunderbird ESR 10.0.10 and SeaMonkey 2.13.2.
Category: /

Share this with Your friends: