Mozilla has released updated versions of Firefox, Thunderbird, SeaMonkey that close three critical vulnerabilities related to the Location object .
Vulnerability details:
CVE-2012-4194:
The vulnerability allows attacker to use the valueOf method combined with some plugins to perform a XSS attack on users.
CVE-2012-4195:
CheckURL function in window.location can be forced to return the wrong calling document and principal, results in XSS attack
CVE-2012-4196
Allow an outsider to bypass security wrapper protections on the Location object, allowing the cross-origin reading of the Location objectVulnerability details:
CVE-2012-4194:
The vulnerability allows attacker to use the valueOf method combined with some plugins to perform a XSS attack on users.
CVE-2012-4195:
CheckURL function in window.location can be forced to return the wrong calling document and principal, results in XSS attack
CVE-2012-4196
The vulnerabilities has been fixed in Firefox 16.0.2, Firefox ESR 10.0.10, Thunderbird 16.0.2, Thunderbird ESR 10.0.10 and SeaMonkey 2.13.2.