Multiple Mozilla Products 'XMLHttpRequest' Cross Domain Information Disclosure Vulnerability
Mozilla Firefox, Thunderbird, and SeaMonkey are prone to a cross-domain information-disclosure vulnerability.
Successful exploits will allow attackers to bypass the same-origin policy and obtain potentially sensitive information; other attacks are possible.
NOTE: This issue was previously discussed in BID 43045 (Mozilla Firefox SeaMonkey and Thunderbird MFSA 2010-49 Through -63 Multiple Vulnerabilities) but has been given its own record to better document it.
This issue is fixed in: