Mozilla Foundation Security Advisory 2009-46

2009-08-07T00:00:00
ID SECURITYVULNS:DOC:22258
Type securityvulns
Reporter Securityvulns
Modified 2009-08-07T00:00:00

Description

Mozilla Foundation Security Advisory 2009-46

Title: Chrome privilege escalation due to incorrectly cached wrapper Impact: Critical Announced: August 3, 2009 Reporter: Wladimir Palant, moz_bug_r_a4 Products: Firefox 3.5

Fixed in: Firefox 3.5.2 Description

Mozilla add-on developer and community member Wladimir Palant reported broken functionality on pages that had a Link: HTTP header when an add-on was installed which implemented a Content Policy in JavaScript, such as AdBlock Plus or NoScript. Mozilla security researcher moz_bug_r_a4 demonstrated that the broken functionality was due to the window's global object receiving an incorrect security wrapper and that this issue could be used to execute arbitrary JavaScript with chrome privileges.

This vulnerability does not affect Firefox prior to version 3.5 References

* https://bugzilla.mozilla.org/show_bug.cgi?id=498897