Endpoint Vulnerability

Compartment mismatch re-attaching XBL-backed nodes

Description

Security researcher Sachin Shinde reported that moving certain XBL-backed nodes from a document into the replacement document created by document.open() can cause a JavaScript compartment mismatch which can often lead to exploitable conditions.

Affected Products

SeaMonkey

References

CVE-2013-1730,