Code execution through shared function objects
- July 12, 2005
- moz_bug_r_a4, shutdown
- Firefox, Mozilla Suite
- Fixed in
- Firefox 1.0.5
- Mozilla Suite 1.7.10
Improper cloning of base objects allowed web content scripts to walk up the prototype chain to get to a privileged object. This could be used to execute code with enhanced privileges.
Upgrade to a version containing the fix.
Bug details embargoed until August 1, 2005