Upstream information
Description
Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey do not properly implement the Same Origin Policy for (1) XMLHttpRequest, involving a mismatch for a document's principal, and (2) XPCNativeWrapper.toString, involving an incorrect __proto__ scope, which allows remote attackers to conduct cross-site scripting (XSS) attacks and possibly other attacks via a crafted document.NVD CVSS v2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Novell/SUSE information
Novell Bugzilla entry: 495473 SUSE Security Advisories:- SUSE-SR:2009:010, published Tue, 12 May 2009 08:00:00 +0000
List of released packages
| Product(s) | Fixed package version(s) | References |
|---|