Release date:
Last Updated:
Hazard level:
Vulnerability Type: Design Error
Threat Type: Remote
Vulnerability introduction:
Mozilla Firefox is a free, open-source browser applicable to Windows, Linux, and MacOS X platforms.
The implementation of the Digital Signature of JAR files in Mozilla Firefox versions 4. x to 5 cannot prevent the use of signed code from unsigned JavaScript code. Remote attackers can bypass the same-origin policy through a specially crafted web site to obtain privileges.
Vulnerability announcement:
Currently, the vendor has released an upgrade patch to fix this security issue. Obtain the patch link:
Https://developer.mozilla.org/en/Download_Mozilla_Source_Code
Reference URL:
Source: bugzilla.w.illa.org
Link: https://bugzilla.mozilla.org/show_bug.cgi? Id = 657267
Source: www.mozilla.org
Link: http://www.mozilla.org/security/announce/2011/mfsa2011-29.html
Source: SECUNIA
Name: 45581
Link: http://secunia.com/advisories/45581