Mozilla Foundation Security Advisory 2007-35

XPCNativeWraper pollution using Script object

Announced
October 18, 2007
Reporter
moz_bug_r_a4
Impact
Critical
Products
Firefox, SeaMonkey
Fixed in
  • Firefox 2.0.0.8
  • SeaMonkey 1.1.5

Description

Mozilla security researcher moz_bug_r_a4 reported that it was possible to use the Script object to modify XPCNativeWrappers in such a way that subsequent access by the browser chrome--such as by right-clicking to open a context menu--can cause attacker-supplied javascript to run with the same privileges as the user. This is similar to MFSA 2007-25 fixed in Firefox 2.0.0.5

References