|Description||Mozilla Firefox 3.x before 3.0.5 and 2.x before 126.96.36.199, Thunderbird 2.x before 188.8.131.52, and SeaMonkey 1.x before 1.1.14 allows remote attackers to bypass the same origin policy and conduct cross-site scripting (XSS) attacks via an XBL binding to an "unloaded document."|
|Source||CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)|
|References||DSA-1696-1, DSA-1697-1, DSA-1704-1, DSA-1707-1|
The information below is based on the following data on fixed versions.