Mozilla Foundation Security Advisory 2010-38
Arbitrary code execution using SJOW and fast native function
- Announced
- July 20, 2010
- Reporter
- moz_bug_r_a4
- Impact
- Critical
- Products
- Firefox, Thunderbird
- Fixed in
-
- Firefox 3.6.7
- Thunderbird 3.1.1
Description
Mozilla security researcher moz_bug_r_a4 reported that when content script which is running in a chrome context accesses a content object via SJOW, the content code can gain access to an object from the chrome scope and use that object to run arbitrary JavaScript with chrome privileges.
Firefox 3.5 and other Mozilla products built from Gecko 1.9.1 were not affected by this issue.