History: Aug 07, 2009 - 12:00 a.m.

Mozilla Foundation Security Advisory 2009-46


Title: Chrome privilege escalation due to incorrectly cached wrapper
Impact: Critical
Announced: August 3, 2009
Reporter: Wladimir Palant, moz_bug_r_a4
Products: Firefox 3.5

Fixed in: Firefox 3.5.2

Mozilla add-on developer and community member Wladimir Palant reported broken functionality on pages that had a Link: HTTP header when an add-on was installed which implemented a Content Policy in JavaScript, such as AdBlock Plus or NoScript. Mozilla security researcher moz_bug_r_a4 demonstrated that the broken functionality was due to the window's global object receiving an incorrect security wrapper and that this issue could be used to execute arbitrary JavaScript with chrome privileges.

This vulnerability does not affect Firefox prior to version 3.5.