You are here: Known Vulnerabilities in Mozilla Products (Firefox 1.5) > MFSA 2006-16
Mozilla Foundation Security Advisory 2006-16
Title: Accessing XBL compilation scope via valueOf.call()
Date: April 13, 2006
Products: Firefox, Thunderbird, Mozilla Suite
Fixed in: Firefox 1.5
Mozilla Suite 1.7.13
shutdown reported an alternate way to get to XBL compilation scope by inserting an XBL method into the DOM's document.body prototype chain.
Exploit code and details embargoed during the active update period.