You are here: Security Center > Mozilla Foundation Security Advisories > MFSA 2012-83

Mozilla Foundation Security Advisory 2012-83

Title: Chrome Object Wrapper (COW) does not disallow access to privileged functions or properties
Impact: Critical
Announced: October 9, 2012
Reporter: Mariusz Mlynski
Products: Firefox, Thunderbird, SeaMonkey

Fixed in: Firefox 16
  Firefox ESR 10.0.8
  Thunderbird 16
  Thunderbird ESR 10.0.8
  SeaMonkey 2.13

Description

Security researcher Mariusz Mlynski reported that when InstallTrigger fails, it throws an error wrapped in a Chrome Object Wrapper (COW) that fails to specify exposed properties. These can then be added to the resulting object by an attacker, allowing access to chrome privileged functions through script.

While investigating this issue, Mozilla security researcher moz_bug_r_a4 found that COW did not disallow accessing of properties from a standard prototype in some situations, even when the original issue had been fixed.

These issues could allow for a cross-site scripting (XSS) attack or arbitrary code execution.

In general these flaws cannot be exploited through email in the Thunderbird and SeaMonkey products because scripting is disabled, but are potentially a risk in browser or browser-like contexts in those products.

References