Mozilla Foundation Security Advisory 2011-15

Escalation of privilege through Java Embedding Plugin

Announced
April 28, 2011
Reporter
David Remahl
Impact
Critical
Products
Firefox, SeaMonkey
Fixed in
  • Firefox 3.5.19
  • Firefox 3.6.17
  • SeaMonkey 2.0.14

Description

David Remahl of Apple Product Security reported that the Java Embedding Plugin (JEP) shipped with the Mac OS X versions of Firefox could be exploited to obtain elevated access to resources on a user's system.

Firefox 4 was not affected by this issue.

References