A vulnerability has been reported in Mozilla products, which potentially can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to an error within the handling of "about:blank" pages loaded by chrome in an addon. This can be exploited to execute script code under chrome privileges by e.g. clicking on a link opened in an "about:blank" window created and populated in certain ways by an addon.
Successful exploitation requires that certain addons are installed.
The vulnerability is reported in the following products and versions:
* Firefox 22.214.171.124
* Thunderbird 126.96.36.199
* Thunderbird 1.5.0.x
* SeaMonkey 1.1.3
Do you have additional information related to this advisory?
Please provide information about patches, mitigating factors, new versions, exploits, faulty patches, links, and other relevant data by posting comments to this Advisory. You can also send this
information to email@example.com
Subject: Mozilla Products Addon Chrome-Loaded "about:blank" Cross-Context Scripting
No posts yet
You must be logged in to post a comment.
Secunia Customer Login
Not a customer already?
Learn more about how our market leading Vulnerability Management solutions can help you manage risk and ensure compliance.