Mozilla

Mozilla Foundation Security Advisory 2013-23

Wrapped WebIDL objects can be wrapped again

Announced
February 19, 2013
Reporter
Boris Zbarsky
Impact
Critical
Products
Firefox, SeaMonkey
Fixed in
  • Firefox 19
  • SeaMonkey 2.16

Description

Mozilla developer Boris Zbarsky reported that in some circumstances a wrapped WebIDL object can be wrapped multiple times, overwriting the existing wrapped state. This could lead to an exploitable condition in rare cases.

References