Mozilla Foundation Security Advisory 2010-38

2010-07-24T00:00:00
ID SECURITYVULNS:DOC:24311
Type securityvulns
Reporter Securityvulns
Modified 2010-07-24T00:00:00

Description

Mozilla Foundation Security Advisory 2010-38

Title: Arbitrary code execution using SJOW and fast native function Impact: Critical Announced: July 20, 2010 Reporter: moz_bug_r_a4 Products: Firefox, Thunderbird

Fixed in: Firefox 3.6.7 Thunderbird 3.1.1 Description

Mozilla security researcher moz_bug_r_a4 reported that when content script which is running in a chrome context accesses a content object via SJOW, the content code can gain access to an object from the chrome scope and use that object to run arbitrary JavaScript with chrome privileges.

Firefox 3.5 and other Mozilla products built from Gecko 1.9.1 were not affected by this issue. References

* https://bugzilla.mozilla.org/show_bug.cgi?id=567069
* CVE-2010-1215