Privilege escalation through XUL persist.
- June 1, 2006
- Jonas Sicking (Mozilla)
- Firefox, SeaMonkey, Thunderbird
- Fixed in
- Firefox 220.127.116.11
- SeaMonkey 1.0.2
- Thunderbird 18.104.22.168
In certain circumstances persisted XUL attributes are associated with the wrong URL. If an attacker can get a persisted string associated with an URL that will later eval or execute that attribute in a privileged context then the attacker's code will run with the full permissions of the browser.
Exploit details withheld until sufficient users upgrade to a fixed version