Mozilla Foundation Security Advisory 2009-32
- June 11, 2009
- Firefox, SeaMonkey, Thunderbird
- Fixed in
- Firefox 3.0.11
- SeaMonkey 1.1.17
- Thunderbird 18.104.22.168
Mozilla security researcher moz_bug_r_a4 reported a vulnerability which allows scripts from page content to run with elevated privileges. Using this vulnerability, an attacker could cause a chrome privileged object, such as the browser sidebar or the FeedWriter, to interact with web content in such a way that attacker controlled code may be executed with the object's chrome privileges.