Mozilla Products: Same-origin bypass through symbolic links - mfsa2013-84ID: oval:org.secpod.oval:def:16379 | Date: (C)2013-12-30 (M)2023-11-18 |
Class: PATCH | Family: macos |
Security researcher Takeshi Terada reported a mechanism to violate same-origin policy for local files using file:// through the use of symbolic links. This problem only affects web pages loaded from the local filesystem. This could allow for cross-site scripting (XSS) and access to locally stored Firefox files containing passwords and cookies.
Platform: |
Apple Mac OS 14 |
Apple Mac OS 13 |
Apple Mac OS 12 |
Apple Mac OS 11 |
Apple Mac OS X 10.15 |
Apple Mac OS X 10.14 |
Apple Mac OS X 10.13 |
Apple Mac OS X 10.11 |
Apple Mac OS X 10.12 |