Mozilla Foundation Security Advisory 2011-52

Code execution via NoWaiverWrapper

Announced
November 8, 2011
Reporter
moz_bug_r_a4
Impact
Critical
Products
Firefox, SeaMonkey, Thunderbird
Fixed in
  • Firefox 8
  • SeaMonkey 2.5
  • Thunderbird 8

Description

Mozilla security researcher moz_bug_r_a4 reported that an internal privilege check failed to respect the NoWaiverWrappers introduced with Firefox 4. This could result in elevated privilege being granted to web content.

References