Mozilla Foundation Security Advisory 2009-70
Title: Privilege escalation via chrome window.opener
Impact: Moderate
Announced: December 15, 2009
Reporter: David James
Products: Firefox, SeaMonkey
Fixed in: Firefox 3.5.6, Firefox 3.0.16, SeaMonkey 2.0.1
Description
Security researcher David James reported that a content window which
is opened by a chrome window retains a reference to the chrome window
via the window.opener property. Using this reference, content in the
new window can access functions inside the chrome window, such as eval,
and use these functions to run arbitrary JavaScript code with chrome
privileges. In a stock Mozilla browser, a remote attacker cannot cause
these application dialogs to appear, nor automatically load the attack
code that takes advantage of this flaw in window.opener. There may be
add-ons which open potentially hostile web content in this way, and
combined with such an add-on the severity of this flaw could be
upgraded to Critical.
