OSVDB ID: 86775

Title: Mozilla Multiple Product Prototype Property Injection Security Wrapper Protection Bypass Location Object Disclosure

Info

Disclosure
Oct 26, 2012

Discovery
Unknown

Dates

Exploit
Unknown

Solution
Oct 26, 2012

Description

 Multiple Mozilla products contain a flaw that may lead to an unauthorized information disclosure. The issue may allow a remote attacker to bypass security wrapper protections on a location object via a property injection. This may allow the attacker to read a cross-origin location object.

Classification

 Location: Context Dependent
Attack Type: Information Disclosure
Impact: Loss of Confidentiality
Solution: Upgrade
Exploit: Exploit Private
Disclosure: Vendor Verified, Coordinated Disclosure
OSVDB: Web Related

Solution

 Upgrade Firefox and Thunderbird to version 16.0.2 (10.0.10 ESR) or higher, and SeaMonkey to version 2.13.2 or higher, as they have been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Mozilla Organization

Firefox

 16.0.1

Firefox ESR

 10.0.9

Thunderbird

 16.0.1

Thunderbird ESR

 10.0.9

SeaMonkey

 2.13.1

References

Credit

Unknown or Incomplete


Direct URL: http://osvdb.org/86775