Mozilla Foundation Security Advisory 2007-35

2007-10-23T00:00:00
ID SECURITYVULNS:DOC:18262
Type securityvulns
Reporter Securityvulns
Modified 2007-10-23T00:00:00

Description

Mozilla Foundation Security Advisory 2007-35

Title: XPCNativeWraper pollution using Script object Impact: Critical Announced: October 18, 2007 Reporter: moz_bug_r_a4 Products: Firefox, SeaMonkey

Fixed in: Firefox 2.0.0.8 SeaMonkey 1.1.5 Description

Mozilla security researcher moz_bug_r_a4 reported that it was possible to use the Script object to modify XPCNativeWrappers in such a way that subsequent access by the browser chrome--such as by right-clicking to open a context menu--can cause attacker-supplied javascript to run with the same privileges as the user. This is similar to MFSA 2007-25 fixed in Firefox 2.0.0.5 References

* https://bugzilla.mozilla.org/show_bug.cgi?id=387881
* CVE-2007-5338