Vulnerability Note VU#575969
Mozilla may process content-defined setters on object prototypes with elevated privileges
Overview
Mozilla allows content-defined setters on object prototypes to execute with elevated privileges. This may allow a remote attacker to execute arbitrary code.
Description
Setters A setter is a method in JavaScript that sets the value of a property. |
Impact
The complete impact of this vulnerability is not yet known. |
Solution
Apply an update |
|
Systems Affected (Learn More)
Vendor | Status | Date Notified | Date Updated |
---|---|---|---|
Mozilla, Inc. | Affected | - | 02 Jun 2006 |
CVSS Metrics (Learn More)
Group | Score | Vector |
---|---|---|
Base | N/A | N/A |
Temporal | N/A | N/A |
Environmental | N/A | N/A |
References
- http://www.mozilla.org/security/announce/2006/mfsa2006-37.html
- https://bugzilla.mozilla.org/show_bug.cgi?id=330773
- http://developer.mozilla.org/en/docs/Core_JavaScript_1.5_Guide:Creating_New_Objects:Defining_Getters_and_Setters
- http://www.securityfocus.com/bid/18228
Credit
Thanks to the Mozilla Foundation Security Advisory for reporting this vulnerability, who in turn credit Paul Nickerson and moz_bug_r_a4.
This document was written by Will Dormann.
Other Information
- CVE IDs: CVE-2006-2776
- Date Public: 01 Jun 2006
- Date First Published: 02 Jun 2006
- Date Last Updated: 09 Feb 2007
- Severity Metric: 11.48
- Document Revision: 13
Feedback
If you have feedback, comments, or additional information about this vulnerability, please send us email.