Ubuntu Security Notice 896-1 - Several flaws were discovered in the browser engine of Firefox. Hidetake Jo discovered that the showModalDialog in Firefox did not always honor the same-origin policy. An attacker could exploit this to run untrusted JavaScript from other domains. Georgi Guninski discovered that the same-origin check in Firefox could be bypassed by utilizing a crafted SVG image. If a user were tricked into viewing a malicious website, an attacker could exploit this to read data from other domains. Various other issues were also addressed.
8578091e1ad672bdc016ed01752d7075ec3ca1b330ce09c134bb9b7cf439d205