CVE-2008-5022

The nsXMLHttpRequest::NotifyEventListeners method in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to bypass the same-origin policy and execute arbitrary script via multiple listeners, which bypass the inner window check.

🔗 References (76)

• secalert@redhathttp://lists.opensuse.org/opensuse-security-announce/2008-11/msg00004.html
• secalert@redhathttp://secunia.com/advisories/32684
• secalert@redhathttp://secunia.com/advisories/32693
• secalert@redhathttp://secunia.com/advisories/32694
• secalert@redhathttp://secunia.com/advisories/32695
• secalert@redhathttp://secunia.com/advisories/32713
• secalert@redhathttp://secunia.com/advisories/32714
• secalert@redhathttp://secunia.com/advisories/32715
• secalert@redhathttp://secunia.com/advisories/32721
• secalert@redhathttp://secunia.com/advisories/32778
• secalert@redhathttp://secunia.com/advisories/32798
• secalert@redhathttp://secunia.com/advisories/32845
• secalert@redhathttp://secunia.com/advisories/32853
• secalert@redhathttp://secunia.com/advisories/33433
• secalert@redhathttp://secunia.com/advisories/33434