Mozilla Foundation Security Advisory 2011-46

loadSubScript unwraps XPCNativeWrapper scope parameter (1.9.2 branch)

Announced
November 8, 2011
Reporter
moz_bug_r_a4
Impact
Critical
Products
Firefox, Thunderbird
Fixed in
  • Firefox 3.6.24
  • Thunderbird 3.1.16

Description

Mozilla security researcher moz_bug_r_a4 reported that the problem described in MFSA 2011-43 and fixed in Firefox 7 also affected Firefox 3.6: a malicious page could potentially exploit a Firefox user who had installed an add-on that used loadSubscript in vulnerable ways.

References