Multiple Mozilla products contain a flaw that may lead to an unauthorized information disclosure. The issue may allow a remote attacker to bypass security wrapper protections on a location object via a property injection. This may allow the attacker to read a cross-origin location object.
Loss of Confidentiality
Upgrade Firefox and Thunderbird to version 16.0.2 (10.0.10 ESR) or higher, and SeaMonkey to version 2.13.2 or higher, as they have been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.