Vulnerability: multiple vulnerabilities in Mozilla products
Number of vulnerabilities: 3
CVE ID: CVE-2012-4194
Impact: Cross Site Scripting
Disclosure of sensitive data
Discovered vulnerabilities allow a remote user to make XSS attacks.
1. An error in the method valueOf when working with certain plugins. A remote user can make XSS attack.
2. An error in the function CheckURL () when determining window.location. A remote user can make XSS attack.
3. An error in the object Location. This can be exploited to bypass security restrictions and implement a cross-domain object reading Location.
Manufacturer URL: http://mozilla.org/
Solution: To resolve the vulnerability patch from the manufacturer.