According to Mozilla Foundation Security Advisory 2006-28:
The security check in js_ValueToFunctionObject() can be bypassed by clever use of setTimeout() and the new Firefox 1.5 array method ForEach. shutdown demonstrated how to leverage this into a privilege escalation vulnerability that would allow the installation of malware.
A remote, unauthenticated attacker may be able to execute arbitrary code on a vulnerable system.
Red Hat, Inc.
This vulnerability was reported in Mozilla Foundation Security Advisory 2006-28
|Date First Published:||2006-04-17|
|Date Last Updated:||2006-05-17 12:47 UTC|