CVE-2009-2472

Description

Mozilla Firefox before 3.0.12 does not always use XPCCrossOriginWrapper when required during object construction, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via a crafted document, related to a "cross origin wrapper bypass."

Related Vulnerabilities

platform vulnerability
CVE-2009-2472 xulrunner
CVE-2009-2472