Mozilla Firefox/Thunderbird/SeaMonkey Cross Domain Information Disclosure Vulnerability

Mozilla Firefox, SeaMonkey, and Thunderbird are prone to a cross domain information disclosure vulnerability.

Successful exploits will allow attackers to bypass the same-origin policy and obtain potentially sensitive information; other attacks are possible.

Note: This issue was previously discussed in BID 55889 (Mozilla Firefox/Thunderbird/SeaMonkey MFSA 2012-88/89 Multiple Vulnerabilities), but have been moved to their own record to better document them.

This issue is fixed in:

Firefox 16.0.1
Firefox ESR 10.0.9
Thunderbird 16.0.1
Thunderbird ESR 10.0.9
SeaMonkey 2.13.1


Privacy Statement
Copyright 2010, SecurityFocus