• info
• discussion
• exploit
• solution
• references

Mozilla XMLSerializer Same Origin Policy Violation Vulnerability

Solution:
Conectiva has released a security advisory containing fixes. Users are advised to upgrade their Mozilla and Galeon packages as soon as possible.

Users are adviced to upgrade to the latest version of Mozilla.

Fixes are available:


Mozilla Browser 0.9.8

• Mozilla Mozilla 1.1
  http://www.mozilla.org/releases/

Mozilla Browser 0.9.9

• Mozilla Mozilla 1.1
  http://www.mozilla.org/releases/


• RedHat galeon-1.2.6-0.7.2.i386.rpm
  ftp://updates.redhat.com/7.2/en/os/i386/galeon-1.2.6-0.7.2.i386.rpm


• RedHat galeon-1.2.6-0.7.3.i386.rpm
  ftp://updates.redhat.com/7.3/en/os/i386/galeon-1.2.6-0.7.3.i386.rpm


• RedHat gdk-pixbuf-0.14.0-0.7.2.i386.rpm
  ftp://updates.redhat.com/7.2/en/os/i386/gdk-pixbuf-0.14.0-0.7.2.i386.r pm


• RedHat gdk-pixbuf-0.14.0-0.7.2.ia64.rpm
  ftp://updates.redhat.com/7.2/en/os/ia64/gdk-pixbuf-0.14.0-0.7.2.ia64.r pm


• RedHat gdk-pixbuf-devel-0.14.0-0.7.2.i386.rpm
  ftp://updates.redhat.com/7.2/en/os/i386/gdk-pixbuf-devel-0.14.0-0.7.2. i386.rpm


• RedHat gdk-pixbuf-devel-0.14.0-0.7.2.ia64.rpm
  ftp://updates.redhat.com/7.2/en/os/ia64/gdk-pixbuf-devel-0.14.0-0.7.2. ia64.rpm


• RedHat gdk-pixbuf-gnome-0.14.0-0.7.2.i386.rpm
  ftp://updates.redhat.com/7.2/en/os/i386/gdk-pixbuf-gnome-0.14.0-0.7.2. i386.rpm


• RedHat gdk-pixbuf-gnome-0.14.0-0.7.2.ia64.rpm
  ftp://updates.redhat.com/7.2/en/os/ia64/gdk-pixbuf-gnome-0.14.0-0.7.2. ia64.rpm


• RedHat mozilla-1.0.1-2.7.2.i386.rpm
  ftp://updates.redhat.com/7.2/en/os/i386/mozilla-1.0.1-2.7.2.i386.rpm


• RedHat mozilla-1.0.1-2.7.3.i386.rpm
  ftp://updates.redhat.com/7.3/en/os/i386/mozilla-1.0.1-2.7.3.i386.rpm


• RedHat mozilla-chat-1.0.1-2.7.2.i386.rpm
  ftp://updates.redhat.com/7.2/en/os/i386/mozilla-chat-1.0.1-2.7.2.i386. rpm


• RedHat mozilla-chat-1.0.1-2.7.3.i386.rpm
  ftp://updates.redhat.com/7.3/en/os/i386/mozilla-chat-1.0.1-2.7.3.i386. rpm


• RedHat mozilla-devel-1.0.1-2.7.2.i386.rpm
  ftp://updates.redhat.com/7.2/en/os/i386/mozilla-devel-1.0.1-2.7.2.i386 .rpm


• RedHat mozilla-devel-1.0.1-2.7.3.i386.rpm
  ftp://updates.redhat.com/7.3/en/os/i386/mozilla-devel-1.0.1-2.7.3.i386 .rpm


• RedHat mozilla-dom-inspector-1.0.1-2.7.2.i386.rpm
  ftp://updates.redhat.com/7.2/en/os/i386/mozilla-dom-inspector-1.0.1-2. 7.2.i386.rpm


• RedHat mozilla-dom-inspector-1.0.1-2.7.3.i386.rpm
  ftp://updates.redhat.com/7.3/en/os/i386/mozilla-dom-inspector-1.0.1-2. 7.3.i386.rpm


• RedHat mozilla-js-debugger-1.0.1-2.7.2.i386.rpm
  ftp://updates.redhat.com/7.2/en/os/i386/mozilla-js-debugger-1.0.1-2.7. 2.i386.rpm


• RedHat mozilla-js-debugger-1.0.1-2.7.3.i386.rpm
  ftp://updates.redhat.com/7.3/en/os/i386/mozilla-js-debugger-1.0.1-2.7. 3.i386.rpm


• RedHat mozilla-mail-1.0.1-2.7.2.i386.rpm
  ftp://updates.redhat.com/7.2/en/os/i386/mozilla-mail-1.0.1-2.7.2.i386. rpm


• RedHat mozilla-mail-1.0.1-2.7.3.i386.rpm
  ftp://updates.redhat.com/7.3/en/os/i386/mozilla-mail-1.0.1-2.7.3.i386. rpm


• RedHat mozilla-nspr-1.0.1-2.7.2.i386.rpm
  ftp://updates.redhat.com/7.2/en/os/i386/mozilla-nspr-1.0.1-2.7.2.i386. rpm


• RedHat mozilla-nspr-1.0.1-2.7.3.i386.rpm
  ftp://updates.redhat.com/7.3/en/os/i386/mozilla-nspr-1.0.1-2.7.3.i386. rpm


• RedHat mozilla-nspr-devel-1.0.1-2.7.2.i386.rpm
  ftp://updates.redhat.com/7.2/en/os/i386/mozilla-nspr-devel-1.0.1-2.7.2 .i386.rpm


• RedHat mozilla-nspr-devel-1.0.1-2.7.3.i386.rpm
  ftp://updates.redhat.com/7.3/en/os/i386/mozilla-nspr-devel-1.0.1-2.7.3 .i386.rpm


• RedHat mozilla-nss-1.0.1-2.7.2.i386.rpm
  ftp://updates.redhat.com/7.2/en/os/i386/mozilla-nss-1.0.1-2.7.2.i386.r pm


• RedHat mozilla-nss-1.0.1-2.7.3.i386.rpm
  ftp://updates.redhat.com/7.3/en/os/i386/mozilla-nss-1.0.1-2.7.3.i386.r pm


• RedHat mozilla-nss-devel-1.0.1-2.7.2.i386.rpm
  ftp://updates.redhat.com/7.2/en/os/i386/mozilla-nss-devel-1.0.1-2.7.2. i386.rpm


• RedHat mozilla-nss-devel-1.0.1-2.7.3.i386.rpm
  ftp://updates.redhat.com/7.3/en/os/i386/mozilla-nss-devel-1.0.1-2.7.3. i386.rpm


• RedHat mozilla-psm-1.0.1-2.7.2.i386.rpm
  ftp://updates.redhat.com/7.2/en/os/i386/mozilla-psm-1.0.1-2.7.2.i386.r pm


• RedHat mozilla-psm-1.0.1-2.7.3.i386.rpm
  ftp://updates.redhat.com/7.3/en/os/i386/mozilla-psm-1.0.1-2.7.3.i386.r pm


• RedHat nautilus-1.0.4-48.i386.rpm
  ftp://updates.redhat.com/7.2/en/os/i386/nautilus-1.0.4-48.i386.rpm


• RedHat nautilus-1.0.4-48.ia64.rpm
  ftp://updates.redhat.com/7.2/en/os/ia64/nautilus-1.0.4-48.ia64.rpm


• RedHat nautilus-1.0.6-16.i386.rpm
  ftp://updates.redhat.com/7.3/en/os/i386/nautilus-1.0.6-16.i386.rpm


• RedHat nautilus-devel-1.0.4-48.i386.rpm
  ftp://updates.redhat.com/7.2/en/os/i386/nautilus-devel-1.0.4-48.i386.r pm


• RedHat nautilus-devel-1.0.4-48.ia64.rpm
  ftp://updates.redhat.com/7.2/en/os/ia64/nautilus-devel-1.0.4-48.ia64.r pm


• RedHat nautilus-devel-1.0.6-16.i386.rpm
  ftp://updates.redhat.com/7.3/en/os/i386/nautilus-devel-1.0.6-16.i386.r pm


• RedHat nautilus-mozilla-1.0.4-48.i386.rpm
  ftp://updates.redhat.com/7.2/en/os/i386/nautilus-mozilla-1.0.4-48.i386 .rpm


• RedHat nautilus-mozilla-1.0.6-16.i386.rpm
  ftp://updates.redhat.com/7.3/en/os/i386/nautilus-mozilla-1.0.6-16.i386 .rpm

Mozilla Browser 1.0 RC2

• Mozilla Mozilla 1.1
  http://www.mozilla.org/releases/

Mozilla Browser 1.0

• Conectiva mozilla-1.2.1-1U60_2cl.i386.rpm
  Conectiva 6.0
  ftp://atualizacoes.conectiva.com.br/6.0/RPMS/mozilla-1.2.1-1U60_2cl.i3 86.rpm


• Conectiva mozilla-1.2.1-1U70_2cl.i386.rpm
  Conectiva 7.0
  ftp://atualizacoes.conectiva.com.br/7.0/RPMS/mozilla-1.2.1-1U70_2cl.i3 86.rpm


• Conectiva mozilla-1.2.1-1U80_5cl.i386.rpm
  Conectiva 8.0
  ftp://atualizacoes.conectiva.com.br/8/RPMS/mozilla-1.2.1-1U80_5cl.i386 .rpm


• Conectiva mozilla-devel-1.2.1-1U60_2cl.i386.rpm
  Conectiva 6.0
  ftp://atualizacoes.conectiva.com.br/6.0/RPMS/mozilla-devel-1.2.1-1U60_ 2cl.i386.rpm


• Conectiva mozilla-devel-1.2.1-1U70_2cl.i386.rpm
  Conectiva 7.0
  ftp://atualizacoes.conectiva.com.br/7.0/RPMS/mozilla-devel-1.2.1-1U70_ 2cl.i386.rpm


• Conectiva mozilla-devel-1.2.1-1U80_5cl.i386.rpm
  Conectiva 8.0
  ftp://atualizacoes.conectiva.com.br/8/RPMS/mozilla-devel-1.2.1-1U80_5c l.i386.rpm


• Conectiva mozilla-devel-static-1.2.1-1U70_2cl.i386.rpm
  Conectiva 7.0
  ftp://atualizacoes.conectiva.com.br/7.0/RPMS/mozilla-devel-static-1.2. 1-1U70_2cl.i386.rpm


• Conectiva mozilla-irc-1.2.1-1U70_2cl.i386.rpm
  Conectiva 7.0
  ftp://atualizacoes.conectiva.com.br/7.0/RPMS/mozilla-irc-1.2.1-1U70_2c l.i386.rpm


• Conectiva mozilla-irc-1.2.1-1U80_5cl.i386.rpm
  Conectiva 8.0
  ftp://atualizacoes.conectiva.com.br/8/RPMS/mozilla-irc-1.2.1-1U80_5cl. i386.rpm


• Conectiva mozilla-mail-1.2.1-1U70_2cl.i386.rpm
  Conectiva 7.0
  ftp://atualizacoes.conectiva.com.br/7.0/RPMS/mozilla-mail-1.2.1-1U70_2 cl.i386.rpm


• Conectiva mozilla-mail-1.2.1-1U80_5cl.i386.rpm
  Conectiva 8.0
  ftp://atualizacoes.conectiva.com.br/8/RPMS/mozilla-mail-1.2.1-1U80_5cl .i386.rpm


• Conectiva mozilla-psm-1.2.1-1U70_2cl.i386.rpm
  Conectiva 7.0
  ftp://atualizacoes.conectiva.com.br/7.0/RPMS/mozilla-psm-1.2.1-1U70_2c l.i386.rpm


• Conectiva mozilla-psm-1.2.1-1U80_5cl.i386.rpm
  Conectiva 8.0
  ftp://atualizacoes.conectiva.com.br/8/RPMS/mozilla-psm-1.2.1-1U80_5cl. i386.rpm


• Mandrake galeon-1.2.5-2.1mdk.i586.rpm
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake galeon-1.2.5-2.1mdk.ppc.rpm
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake galeon-1.2.5-2.1mdk.src.rpm
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake libjs-1.0.1-4.1mdk.i586.rpm
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake libjs-1.0.1-4.1mdk.ppc.rpm
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake libnautilus0-1.0.6-15.8mdk.i586.rpm
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake libnautilus0-1.0.6-15.8mdk.ppc.rpm
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake libnautilus0-devel-1.0.6-15.8mdk.i586.rpm
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake libnautilus0-devel-1.0.6-15.8mdk.ppc.rpm
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake libnspr4-1.0.1-4.1mdk.i586.rpm
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake libnspr4-1.0.1-4.1mdk.ppc.rpm
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake libnspr4-devel-1.0.1-4.1mdk.i586.rpm
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake libnspr4-devel-1.0.1-4.1mdk.ppc.rpm
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake libnss3-1.0.1-4.1mdk.i586.rpm
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake libnss3-1.0.1-4.1mdk.ppc.rpm
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake libnss3-devel-1.0.1-4.1mdk.i586.rpm
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake libnss3-devel-1.0.1-4.1mdk.ppc.rpm
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake mozilla-1.0.1-4.1mdk.i586.rpm
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake mozilla-1.0.1-4.1mdk.ppc.rpm
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake mozilla-1.0.1-4.1mdk.src.rpm
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake mozilla-devel-1.0.1-4.1mdk.i586.rpm
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake mozilla-devel-1.0.1-4.1mdk.ppc.rpm
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake mozilla-dom-inspector-1.0.1-4.1mdk.i586.rpm
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake mozilla-dom-inspector-1.0.1-4.1mdk.ppc.rpm
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake mozilla-enigmail-1.0.1-4.1mdk.i586.rpm
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake mozilla-enigmail-1.0.1-4.1mdk.ppc.rpm
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake mozilla-enigmime-1.0.1-4.1mdk.i586.rpm
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake mozilla-enigmime-1.0.1-4.1mdk.ppc.rpm
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake mozilla-irc-1.0.1-4.1mdk.i586.rpm
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake mozilla-irc-1.0.1-4.1mdk.ppc.rpm
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake mozilla-js-debugger-1.0.1-4.1mdk.i586.rpm
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake mozilla-js-debugger-1.0.1-4.1mdk.ppc.rpm
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake mozilla-mail-1.0.1-4.1mdk.i586.rpm
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake mozilla-mail-1.0.1-4.1mdk.ppc.rpm
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake mozilla-spellchecker-1.0.1-4.1mdk.i586.rpm
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake mozilla-spellchecker-1.0.1-4.1mdk.ppc.rpm
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake mozilla-xmlterm-1.0.1-4.1mdk.i586.rpm
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake mozilla-xmlterm-1.0.1-4.1mdk.ppc.rpm
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake nautilus-1.0.6-15.8mdk.i586.rpm
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake nautilus-1.0.6-15.8mdk.ppc.rpm
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake nautilus-1.0.6-15.8mdk.src.rpm
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake nautilus-mozilla-1.0.6-15.8mdk.i586.rpm
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake nautilus-mozilla-1.0.6-15.8mdk.ppc.rpm
  http://www.mandrakesecure.net/en/ftp.php


• Mozilla Mozilla 1.1
  http://www.mozilla.org/releases/


• RedHat galeon-1.2.6-0.8.0.i386.rpm
  ftp://updates.redhat.com/8.0/en/os/i386/galeon-1.2.6-0.8.0.i386.rpm


• RedHat mozilla-1.0.1-26.i386.rpm
  ftp://updates.redhat.com/8.0/en/os/i386/mozilla-1.0.1-26.i386.rpm


• RedHat mozilla-chat-1.0.1-26.i386.rpm
  ftp://updates.redhat.com/8.0/en/os/i386/mozilla-chat-1.0.1-26.i386.rpm


• RedHat mozilla-devel-1.0.1-26.i386.rpm
  ftp://updates.redhat.com/8.0/en/os/i386/mozilla-devel-1.0.1-26.i386.rp m


• RedHat mozilla-dom-inspector-1.0.1-26.i386.rpm
  ftp://updates.redhat.com/8.0/en/os/i386/mozilla-dom-inspector-1.0.1-26 .i386.rpm


• RedHat mozilla-js-debugger-1.0.1-26.i386.rpm
  ftp://updates.redhat.com/8.0/en/os/i386/mozilla-js-debugger-1.0.1-26.i 386.rpm


• RedHat mozilla-mail-1.0.1-26.i386.rpm
  ftp://updates.redhat.com/8.0/en/os/i386/mozilla-mail-1.0.1-26.i386.rpm


• RedHat mozilla-nspr-1.0.1-26.i386.rpm
  ftp://updates.redhat.com/8.0/en/os/i386/mozilla-nspr-1.0.1-26.i386.rpm


• RedHat mozilla-nspr-devel-1.0.1-26.i386.rpm
  ftp://updates.redhat.com/8.0/en/os/i386/mozilla-nspr-devel-1.0.1-26.i3 86.rpm


• RedHat mozilla-nss-1.0.1-26.i386.rpm
  ftp://updates.redhat.com/8.0/en/os/i386/mozilla-nss-1.0.1-26.i386.rpm


• RedHat mozilla-nss-devel-1.0.1-26.i386.rpm
  ftp://updates.redhat.com/8.0/en/os/i386/mozilla-nss-devel-1.0.1-26.i38 6.rpm


• RedHat mozilla-psm-1.0.1-26.i386.rpm
  ftp://updates.redhat.com/8.0/en/os/i386/mozilla-psm-1.0.1-26.i386.rpm

Mozilla Browser 1.0 RC1

• Mozilla Mozilla 1.1
  http://www.mozilla.org/releases/

Galeon Galeon Browser 1.2.4

• Conectiva galeon-1.2.7-1U80_5cl.i386.rpm
  Conectiva 8.0
  ftp://atualizacoes.conectiva.com.br/8/RPMS/galeon-1.2.7-1U80_5cl.i386. rpm


• Conectiva galeon-devel-1.2.7-1U80_5cl.i386.rpm
  Conectiva 8.0
  ftp://atualizacoes.conectiva.com.br/8/RPMS/galeon-devel-1.2.7-1U80_5cl .i386.rpm

Galeon Galeon Browser 1.2.5

• Conectiva galeon-1.2.7-1U80_5cl.i386.rpm
  Conectiva 8.0
  ftp://atualizacoes.conectiva.com.br/8/RPMS/galeon-1.2.7-1U80_5cl.i386. rpm


• Conectiva galeon-devel-1.2.7-1U80_5cl.i386.rpm
  Conectiva 8.0
  ftp://atualizacoes.conectiva.com.br/8/RPMS/galeon-devel-1.2.7-1U80_5cl .i386.rpm

Galeon Galeon Browser 1.2.6

• Conectiva galeon-1.2.7-1U80_5cl.i386.rpm
  Conectiva 8.0
  ftp://atualizacoes.conectiva.com.br/8/RPMS/galeon-1.2.7-1U80_5cl.i386. rpm


• Conectiva galeon-devel-1.2.7-1U80_5cl.i386.rpm
  Conectiva 8.0
  ftp://atualizacoes.conectiva.com.br/8/RPMS/galeon-devel-1.2.7-1U80_5cl .i386.rpm