Mozilla Foundation Security Advisory 2006-16
Accessing XBL compilation scope via valueOf.call()
- April 13, 2006
- Firefox, Mozilla Suite, SeaMonkey, Thunderbird
- Fixed in
- Firefox 1.0.8
- Firefox 1.5
- Mozilla Suite 1.7.13
- SeaMonkey 1
- Thunderbird 1.0.8
- Thunderbird 1.5
shutdown reported an alternate way to get to XBL compilation scope by inserting an XBL method into the DOM's document.body prototype chain.
Exploit code and details embargoed during the active update period.