Privilege escalation through IPC channel messages
- May 12, 2015
- Jed Davis, Christoph Diehl
- Firefox, Firefox ESR, SeaMonkey, Thunderbird
- Fixed in
- Firefox 38
- Firefox ESR 31.7
- SeaMonkey 2.35
- Thunderbird 31.7
- Thunderbird 38.0.1
Mozilla Developer Jed Davis and Mozilla security engineer Christoph Diehl reported that Mozilla had inherited a Inter-process Communication (IPC) vulnerability when IPC was introduced into Mozilla products through third-party code. This could allow for privilege escalation through IPC channels due to lack of message validation in the listener process.
This issue only affects systems running Windows, leaving Linux and OS X unaffected.