MFSA 2013-72: Wrong principal used for validating URI for some Javascript componentsID: oval:org.secpod.oval:def:15021 | Date: (C)2013-09-01 (M)2024-03-27 |
Class: PATCH | Family: windows |
Security researcher Cody Crews reported that some Javascript components will perform checks against the wrong uniform resource identifier(URI) before performing security sensitive actions. This will return an incorrect location for the originator of the call. This could be used to bypass same-origin policy, allowing for cross-site scripting (XSS) or the installation of malicious add-ons from third-party pages.
Platform: |
Microsoft Windows Server 2022 |
Microsoft Windows 11 |
Microsoft Windows Server 2019 |
Microsoft Windows Server 2016 |
Microsoft Windows 2000 |
Microsoft Windows XP |
Microsoft Windows Server 2003 |
Microsoft Windows Vista |
Microsoft Windows Server 2008 |
Microsoft Windows 7 |
Microsoft Windows Server 2008 R2 |
Microsoft Windows 8 |
Microsoft Windows 8.1 |
Microsoft Windows Server 2012 |
Microsoft Windows Server 2012 R2 |
Microsoft Windows 10 |
Product: |
Mozilla Thunderbird |
Mozilla Thunderbird ESR |
Mozilla SeaMonkey |
Mozilla Firefox |
Mozilla Firefox ESR |