Mozilla allows content-defined setters on object prototypes to execute with elevated privileges. This may allow a remote attacker to execute arbitrary code.
The complete impact of this vulnerability is not yet known.
Apply an update
Thanks to the Mozilla Foundation Security Advisory for reporting this vulnerability, who in turn credit Paul Nickerson and moz_bug_r_a4.
This document was written by Will Dormann.
|Date First Published:||2006-06-02|
|Date Last Updated:||2007-02-09 14:36 UTC|