Mozilla Foundation Security Advisory 2015-28

Privilege escalation through SVG navigation

Announced
March 20, 2015
Reporter
Mariusz Mlynski
Impact
Critical
Products
Firefox, Firefox ESR, SeaMonkey
Fixed in
  • Firefox 36.0.4
  • Firefox ESR 31.5.3
  • SeaMonkey 2.33.1

Description

Security researcher Mariusz Mlynski reported, through HP Zero Day Initiative's Pwn2Own contest, a method to run arbitrary scripts in a privileged context. This bypassed the same-origin policy protections by using a flaw in the processing of SVG format content navigation.

An incomplete version of this fix was shipped in Firefox 36.0.3 and Firefox ESR 31.5.2.

References