Mozilla Foundation Security Advisory 2006-24
Privilege escalation using crypto.generateCRMFRequest
- April 13, 2006
- Firefox, Mozilla Suite, SeaMonkey, Thunderbird
- Fixed in
- Firefox 1.0.8
- Firefox 220.127.116.11
- Mozilla Suite 1.7.13
- SeaMonkey 1.0.1
- Thunderbird 1.0.8
- Thunderbird 18.104.22.168
shutdown demonstrated that the crypto.generateCRMFRequest method can be used to run arbitrary code with the privilege of the user, which could enable an attacker to install malware.
Exploit code and details embargoed during the active update period.