4 matches found
security flaw
Certain privileged UI code in Mozilla Firefox and Thunderbird before 1.5.0.4 calls content-defined setters on an object prototype, which allows remote attackers to execute code at a higher privilege than intended...
security flaw
Certain privileged UI code in Mozilla Firefox and Thunderbird before 1.5.0.4 calls content-defined setters on an object prototype, which allows remote attackers to execute code at a higher privilege than intended...
Mozilla may process content-defined setters on object prototypes with elevated privileges
Overview: Mozilla allows content-defined setters on object prototypes to execute with elevated privileges. This may allow a remote attacker to execute arbitrary code. Description: Setters: A setter is a method in JavaScript that sets the value of a property. The problem: The setters in Mozilla are...
Remote compromise via content-defined setter on object prototypes — Mozilla
Paul Nickerson discovered that content-defined setters on an object prototype were getting called by privileged UI code, and mozbugra4 was able to develop an exploit PoC that demonstrated that the higher privilege level could be passed along to the content-defined attack code...