Mozilla Foundation Security Advisory 2006-31
EvalInSandbox escape (Proxy Autoconfig, Greasemonkey)
- June 1, 2006
- Firefox, SeaMonkey, Thunderbird
- Fixed in
- Firefox 188.8.131.52
- SeaMonkey 1.0.2
- Thunderbird 184.108.40.206
In Mozilla clients the primary use for EvalInSandbox is to run the Proxy Autoconfig script should one be specified by your network administrator. This is a rare option for home users, it is primarily used by institutional networks which have a need for remote configuration.
The popular Greasemonkey extension uses EvalInSandbox to run userscripts which manipulate the web pages you visit on your behalf. Using this vulnerability a malicious userscript could gain enough privilege to install malware, but even when Greasemonkey is working as designed a malicious userscript can make life miserable. Only install userscripts from sources you can trust.
On the Connection Settings preferences select either "Direct connection to the Internet" (the default) or "Manual proxy configuration."
If you use Greasemonkey user only install userscripts from trusted sources and inspect them for occurrances of valueOf(). Or simply disable Greasemonkey until you can upgrade to a newer version.