Mozilla and Firefox Vulnerable to Cross Site Scripting

A vulnerability in Mozilla and Firefox browsers could allow remote intruders to bypass security restrictions and gain access to private information. A remote intruder could cause a script to execute in the user's browser in the security context of an arbitrary domain. The problem could lead to exposure of information stored in cookies. The vulnerability is due to validation errors when processing Cascading Style Sheets (CSS) and HTML documents that contain a specially crafted property and used in conjunction with the eXtensible Binding Language (XBL). Mozilla Foundation is aware of the problem however no fix is available at this time.

TAGS: Security
Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish