Vulnerability Note VU#263412

Mozilla products vulnerable to privilege escalation via a JavaScript watch() function

Overview

A vulnerability exists in Mozilla products that may allow a remote attacker to gain elevated privileges.

I. Description

Mozilla products contain a vulnerability in the way the JavaScript watch() function is handled that may result in privilege escalation. According to the Mozilla Foundation Security Advisory 2006-70:

Shutdown demonstrated that it was possible to use a JavaScript watch() to gain elevated privilege.

II. Impact

A remote, unauthenticated attacker may be able to gain elevated privileges.

III. Solution

Apply an update

According to the Mozilla Foundation Security Advisory 2006-70, this vulnerability is addressed in Firefox 2.0.0.1, Firefox 1.5.0.9, Thunderbird 1.5.0.9, and SeaMonkey 1.0.7.

References
This issue was reported in Mozilla Foundation Security Advisory 2006-70. Mozilla credits shutdown with providing information about this issue. This document was written by Chris Taschner.
If you have feedback, comments, or additional information about this vulnerability, please send us email.