You are here: Known Vulnerabilities in Mozilla Products (Firefox 1.0.5) > MFSA 2005-56

Mozilla Foundation Security Advisory 2005-56

Title: Code execution through shared function objects
Severity: Critical
Reporter: moz_bug_r_a4, shutdown
Products: Firefox, Mozilla Suite

Fixed in: Firefox 1.0.5
  Mozilla Suite 1.7.10


Improper cloning of base objects allowed web content scripts to walk up the prototype chain to get to a privileged object. This could be used to execute code with enhanced privileges.


Upgrade to a version containing the fix.


Bug details embargoed until August 1, 2005