Mozilla XMLSerializer Same Origin Policy Violation Vulnerability

Mozilla XMLSerializer Same Origin Policy Violation Vulnerability

XMLSerializer is part of the XMLExtras package included with Mozilla. It is available for Unix, Linux, and Microsoft Windows platforms.

The XMLSerializer object does not possess a check for the Same Origin Policy. This may allow the object to be invoked to gain access to properties of another domain in a frame or iframe.