Mozilla Mozilla/Firefox Cross-Domain Tab Window Script Execution Vulnerability

Mozilla Mozilla/Firefox Cross-Domain Tab Window Script Execution Vulnerability

Mozilla Mozilla/Firefox are reported prone to a cross-domain script execution vulnerability. The issue is reported to exist because the browsers fail to prevent JavaScript that originates from one tab from accessing properties of a site contained in another tab. Typically, the Javascript security manager prevents a 'javascript:' URI from one domain to be opened in the context of a site from another window, however tabbed browsing can be used to bypass this security restriction.

This issue is reported to affect Firefox 1.0, however, it is possible that other versions are affected as well. Mozilla 1.7.5 was also reported vulnerable.