Privilege escalation through IPC channel messages

2015-05-12T00:00:00
ID MFSA2015-57
Type mozilla
Reporter Mozilla Foundation
Modified 2015-05-12T00:00:00

Description

Mozilla Developer Jed Davis and Mozilla security engineer Christoph Diehl reported that Mozilla had inherited a Inter-process Communication (IPC) vulnerability when IPC was introduced into Mozilla products through third-party code. This could allow for privilege escalation through IPC channels due to lack of message validation in the listener process.

This issue only affects systems running Windows, leaving Linux and OS X unaffected.