You are here: Security Center > Mozilla Foundation Security Advisories > MFSA 2012-49

Mozilla Foundation Security Advisory 2012-49

Title: Same-compartment Security Wrappers can be bypassed
Impact: Critical
Announced: July 17, 2012
Reporter: Bobby Holley
Products: Firefox, Thunderbird, SeaMonkey

Fixed in: Firefox 14
  Firefox ESR 10.0.6
  Thunderbird 14
  Thunderbird ESR 10.0.6
  SeaMonkey 2.11

Description

Mozilla developer Bobby Holley found that same-compartment security wrappers (SCSW) can be bypassed by passing them to another compartment. Cross-compartment wrappers often do not go through SCSW, but have a filtering policy built into them. When an object is wrapped cross-compartment, the SCSW is stripped off and, when the object is read read back, it is not known that SCSW was previously present, resulting in a bypassing of SCSW. This could result in untrusted content having access to the XBL that implements browser functionality.

References