Mozilla Browser Zombie Document Cross-Site Scripting Vulnerability

Mozilla has been reported to be prone to a cross-site scripting vulnerability. This issue is due to a design error that allows event handlers in a web document from one domain to be executed in the context of another.

This could permit a remote attacker to create a malicious web page that includes hostile event handling script code. If this page were to redirect to a target page when certain event handling code was activated, the hostile code may be rendered in the web browser of the victim user. This would occur in the security context of the new page and may allow for theft of cookie-based authentication credentials or other attacks.


Privacy Statement
Copyright 2010, SecurityFocus