You are here: Known Vulnerabilities in Mozilla Products (Firefox 1.0.5) > MFSA 2005-56

Mozilla Foundation Security Advisory 2005-56

Title: Code execution through shared function objects
Severity: Critical
Reporter: moz_bug_r_a4, shutdown
Products: Firefox, Mozilla Suite

Fixed in: Firefox 1.0.5
  Mozilla Suite 1.7.10

Description

Improper cloning of base objects allowed web content scripts to walk up the prototype chain to get to a privileged object. This could be used to execute code with enhanced privileges.

Workaround

Upgrade to a version containing the fix.

References

Bug details embargoed until August 1, 2005