Mozilla Foundation Security Advisory 2014-13

Inconsistent JavaScript handling of access to Window objects

Announced
February 4, 2014
Reporter
Boris Zbarsky
Impact
High
Products
Firefox, Firefox ESR, SeaMonkey, Thunderbird
Fixed in
  • Firefox 27
  • Firefox ESR 24.3
  • SeaMonkey 2.24
  • Thunderbird 24.3

Description

Mozilla developer Boris Zbarsky reported an inconsistency with the different JavaScript engines in how JavaScript native getters on window objects are handled by these engines. This inconsistency can lead to different behaviors in JavaScript code, allowing for a potential security issue with window handling by bypassing of some security checks.

In general this flaw cannot be exploited through email in the Thunderbird and Seamonkey products because scripting is disabled in mail, but is potentially a risk in browser or browser-like contexts.

References