Mozilla Firefox About:Blank IFrame Cross Domain Information Disclosure Vulnerability

Mozilla Firefox is prone to a cross-domain information-disclosure vulnerability because scripts may persist across navigations.

A malicious site may be able to modify the iframe of a site in an arbitrary external domain. Attackers could exploit this to gain access to sensitive information that is associated with the external domain. Other attacks are also possible, such as executing script code in other browser security zones.

This issue is being tracked by Bugzilla Bug 382686 and is reportedly related to Bug 343168.

Firefox 2.0.0.4 and prior versions are vulnerable.


 

Privacy Statement
Copyright 2010, SecurityFocus