Lucene search
Mozilla FoundationMFSA2011-43HistorySep 27, 2011 - 12:00 a.m.
loadSubScript unwraps XPCNativeWrapper scope parameter — Mozilla
2011-09-2700:00:00
Mozilla Foundation
www.mozilla.org
35
0.003 Low
EPSS
Percentile
69.5%
David Rees reported that the JSSubScriptLoader (a feature used by some add-ons) was “unwrapping” XPCNativeWrappers when they were used as the scope parameter to loadSubScript(). Without the protection of the wrappers the add-on could be vulnerable to privilege escalation attacks from malicious web content. Whether any given add-on were vulnerable would depend on how the add-on used the feature and whether it interacted directly with web content, but we did find at least one vulnerable add-on and presume there are more.
Related
openvas
openvas
Mozilla Firefox Security Advisory (MFSA2011-43) - Linux
2021-11-11 00:00:00
ubuntucve
ubuntucve
CVE-2011-3004
2011-09-30 00:00:00
CVE-2011-3647
2011-11-09 00:00:00
prion
prion
Design/Logic Flaw
2011-09-29 00:55:00
Design/Logic Flaw
2011-11-09 11:55:00
securityvulns
securityvulns
Mozilla Foundation Security Advisory 2011-43
2011-10-01 00:00:00
Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
2011-10-01 00:00:00
cvelist
cvelist
CVE-2011-3004
2011-09-29 00:00:00
CVE-2011-3647
2011-11-09 11:00:00
cve
cve
CVE-2011-3004
2011-09-29 00:55:00
CVE-2011-3647
2011-11-09 11:55:00
nessus
nessus
Ubuntu 10.04 LTS / 10.10 / 11.04 : thunderbird vulnerabilities (USN-1254-1)
2011-12-23 00:00:00
Mandriva Linux Security Advisory : mozilla (MDVSA-2011:169)
2011-11-10 00:00:00
ubuntu
ubuntu
Thunderbird vulnerabilities
2011-12-22 00:00:00
Firefox and Xulrunner vulnerabilities
2011-11-10 00:00:00
Firefox vulnerabilities
2011-09-29 00:00:00
suse
suse
seamonkey: Update to Mozilla Seamonkey 2.4 (important)
2011-09-29 15:08:19
freebsd
freebsd
Mozilla -- multiple vulnerabilities
2011-09-27 00:00:00
gentoo
gentoo
Mozilla Products: Multiple vulnerabilities
2013-01-08 00:00:00