Mozilla Products: Clone protected content with XBL scopes - mfsa2014-02 (Mac OS X)ID: oval:org.secpod.oval:def:16725 | Date: (C)2014-02-10 (M)2024-02-19 |
Class: PATCH | Family: macos |
Security researcher Cody Crews reported a method to bypass System Only Wrappers (SOW) by using XML Binding Language (XBL) content scopes to clone protected XUL elements. This could be used to clone anonymous nodes, making trusted XUL content web accessible.
Platform: |
Apple Mac OS 14 |
Apple Mac OS 13 |
Apple Mac OS 12 |
Apple Mac OS 11 |
Apple Mac OS X 10.15 |
Apple Mac OS X 10.14 |
Apple Mac OS X 10.13 |
Apple Mac OS X 10.11 |
Apple Mac OS X 10.12 |
Product: |
Mozilla Firefox |
Mozilla Firefox ESR |
Mozilla SeaMonkey |
Mozilla Thunderbird |