Mozilla Foundation Security Advisory 2007-25

2007-07-19T00:00:00
ID SECURITYVULNS:DOC:17525
Type securityvulns
Reporter Securityvulns
Modified 2007-07-19T00:00:00

Description

Mozilla Foundation Security Advisory 2007-25 Title: XPCNativeWrapper pollution Impact: Moderate Announced: July 17, 2007 Reporter: shutdown and moz_bug_r_a4 Products: Firefox

Fixed in: Firefox 2.0.0.5 Description shutdown and moz_bug_r_a4 reported two separate ways to modify an XPCNativeWrapper such that subsequent access by the browser would result in executing user-supplied code.

References https://bugzilla.mozilla.org/show_bug.cgi?id=369211 https://bugzilla.mozilla.org/show_bug.cgi?id=370127 CVE-2007-3738