Mozilla Foundation Security Advisory 2007-21
Privilege escallation using an event handler attached to an element not in the document
- July 17, 2007
- Firefox, SeaMonkey
- Fixed in
- Firefox 126.96.36.199
- SeaMonkey 1.1.3
An attacker can use an element outside of a document to call an event handler allowing content to run arbitrary code with chrome privileges.