Endpoint Vulnerability

Wrong principal used for validating URI for some JavaScript components

Description

Security researcher Cody Crews reported that some JavaScript components perform checks against the wrong uniform resource identifier (URI) before performing security-sensitive actions. This returns an incorrect location for the originator of the call. This could be used to bypass the same-origin policy, allowing for cross-site scripting (XSS) or the installation of malicious add-ons from third-party pages.

Affected Products

SeaMonkey

References

CVE-2013-1713