Mozilla Foundation Security Advisory 2009-32
Announced: June 11, 2009
Products: Firefox, SeaMonkey
Fixed in: Firefox 3.0.11
Mozilla security researcher moz_bug_r_a4 reported a vulnerability which allows scripts from page content to run with elevated privileges. Using this vulnerability, an attacker could cause a chrome privileged object, such as the browser sidebar or the FeedWriter, to interact with web content in such a way that attacker controlled code may be executed with the object's chrome privileges.