Mozilla Foundation Security Advisory 2010-82

Incomplete fix for CVE-2010-0179

Announced
December 9, 2010
Reporter
moz_bug_r_a4
Impact
Critical
Products
Firefox, SeaMonkey
Fixed in
  • Firefox 3.5.16
  • Firefox 3.6.13
  • SeaMonkey 2.0.11

Description

Mozilla security researcher moz_bug_r_a4 reported that the fix for CVE-2010-0179 could be circumvented permitting the execution of arbitrary JavaScript with chrome privileges.

References