Mozilla Foundation Security Advisory 2010-38

Arbitrary code execution using SJOW and fast native function

Announced: July 20, 2010
Reporter: moz_bug_r_a4
Impact: Critical
Products: Firefox, Thunderbird
Fixed in:
  • Firefox 3.6.7
  • Thunderbird 3.1.1

Description

Mozilla security researcher moz_bug_r_a4 reported that when a content script that is running in a chrome context accesses a content object via SJOW, the content code can gain access to an object from the chrome scope and use that object to run arbitrary JavaScript with chrome privileges.

Firefox 3.5 and other Mozilla products built from Gecko 1.9.1 were not affected by this issue.
