foundation-security-advisories/announce/2007/mfsa2007-25.md

announced	fixed_in	impact	reporter	title
July 17, 2007	Firefox 2.0.0.5 SeaMonkey 1.1.3	Moderate	shutdown and moz_bug_r_a4	XPCNativeWrapper pollution

Description

Mozilla security researchers shutdown and moz_bug_r_a4 reported two separate ways to modify an XPCNativeWrapper such that subsequent access by the browser would result in executing user-supplied code.

References

• https://bugzilla.mozilla.org/show_bug.cgi?id=369211
• https://bugzilla.mozilla.org/show_bug.cgi?id=370127
• CVE-2007-3738