You are here: Security Center > Mozilla Foundation Security Advisories > MFSA 2013-115

Mozilla Foundation Security Advisory 2013-115

Title: GetElementIC typed array stubs can be generated outside observed typesets
Impact: High
Announced: December 10, 2013
Reporter: Eric Faust
Products: Firefox, Thunderbird, Seamonkey

Fixed in: Firefox 26
  Firefox ESR 24.2
  Thunderbird 24.2
  Seamonkey 2.23

Description

Mozilla developer Eric Faust reported that during JavaScript compilation GetElementIC typed array stubs can be generated outside observed typesets. This could lead to unpredictable behavior with a potential security impact.

In general these flaws cannot be exploited through email in the Thunderbird and Seamonkey products because scripting is disabled, but are potentially a risk in browser or browser-like contexts.

References