940 B
940 B
| announced | fixed_in | impact | reporter | title | ||
|---|---|---|---|---|---|---|
| October 18, 2007 |
|
Critical | moz_bug_r_a4 | XPCNativeWraper pollution using Script object |
Description
Mozilla security researcher moz_bug_r_a4 reported that
it was possible to use the Script object to modify
XPCNativeWrappers in such a way that subsequent access by the browser
chrome--such as by right-clicking to open a context menu--can cause
attacker-supplied javascript to run with the same privileges as the user.
This is similar to MFSA 2007-25 fixed in
Firefox 2.0.0.5