CVE-2010-0170 Information

Description

Mozilla Firefox 3.6 before 3.6.2 does not offer plugins the expected window.location protection mechanism which might allow remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via vectors that are specific to each affected plugin.

Reference

http://www.mandriva.com/security/advisories?name=MDVSA-2010:070 http://www.mozilla.org/security/announce/2010/mfsa2010-10.html http://www.securityfocus.com/bid/38918 http://www.securityfocus.com/bid/38919 http://www.vupen.com/english/advisories/2010/0692 https://bugzilla.mozilla.org/show_bug.cgi?id=541530 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A8602