• Security Center
  • Security Advisories
  • Known Vulnerabilities
  • Bug Bounty
  • Security Blog

You are here: Security Center > Mozilla Foundation Security Advisories > MFSA 2012-60

Mozilla Foundation Security Advisory 2012-60

Title: Escalation of privilege through about:newtab
Impact: Critical
Announced: August 28, 2012
Reporter: Mariusz Mlynski
Products: Firefox

Fixed in: Firefox 15

Description

Security researcher Mariusz Mlynski reported that when a page opens a new tab, a subsequent window can then be opened that can be navigated to about:newtab, a chrome privileged page. Once about:newtab is loaded, the special context can potentially be used to escalate privilege, allowing for arbitrary code execution on the local system in a maliciously crafted attack.

References

• Chrome-privileged about:newtab remains in the history chain
• CVE-2012-3965