Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:22201
HistoryJul 22, 2009 - 12:00 a.m.

Mozilla Foundation Security Advisory 2009-39

2009-07-2200:00:00
vulners.com
19
JSON

Mozilla Foundation Security Advisory 2009-39

Title: setTimeout loses XPCNativeWrappers
Impact: Critical
Announced: July 21, 2009
Reporter: Blake Kaplan
Products: Firefox

Fixed in: Firefox 3.5
Firefox 3.0.12
Description

Mozilla developer Blake Kaplan reported that setTimeout, when called with certain object parameters which should be protected with a XPCNativeWrapper, will fail to keep the object wrapped when compiling the new function to be executed. If chrome privileged code were to call setTimeout using this as an argument, the this object will lose its wrapper and could be unsafely accessed by chrome code. An attacker could use such vulnerable code to run arbitrary JavaScript with chrome privileges.
Workaround

Disable JavaScript until a version containing this fix can be installed.
References

* https://bugzilla.mozilla.org/show_bug.cgi?id=460882
* CVE-2009-2471

Related

prion 1
veracode 1
ubuntucve 1
mozilla 1
cve 1
openvas 22
fedora 18
osv 1
nessus 15
debian 1
securityvulns 1
suse 2
seebug 1
oraclelinux 1
centos 1
redhat 1
gentoo 1
prion
prion
Design/Logic Flaw
2009-07-22 18:30:00
veracode
veracode
Arbitrary Code Execution
2020-04-10 00:36:34
ubuntucve
ubuntucve
CVE-2009-2471
2009-07-22 00:00:00
mozilla
mozilla
setTimeout loses XPCNativeWrappers — Mozilla
2009-07-21 00:00:00
cve
cve
CVE-2009-2471
2009-07-22 18:30:00
openvas
openvas
Mozilla Firefox Multiple Vulnerabilities (Jul 2009) - Linux
2009-07-23 00:00:00
Mozilla Firefox Multiple Vulnerabilities July-09 (Linux)
2009-07-23 00:00:00
Mozilla Firefox Multiple Vulnerabilities July-09 (Windows)
2009-07-23 00:00:00
fedora
fedora
[SECURITY] Fedora 10 Update: ruby-gnome2-0.19.0-3.fc10.1
2009-07-23 19:14:52
[SECURITY] Fedora 10 Update: galeon-2.0.7-12.fc10
2009-07-23 19:14:52
[SECURITY] Fedora 10 Update: firefox-3.0.12-1.fc10
2009-07-23 19:14:52
osv
osv
xulrunner - several vulnerabilities
2009-07-23 00:00:00
nessus
nessus
Scientific Linux Security Update : firefox on SL5.x i386/x86_64
2012-08-01 00:00:00
Scientific Linux Security Update : firefox on SL4.x i386/x86_64
2012-08-01 00:00:00
Fedora 10 : Miro-2.0.5-2.fc10 / blam-1.8.5-12.fc10 / devhelp-0.22-10.fc10 / epiphany-2.24.3-8.fc10 / etc (2009-7961)
2009-07-24 00:00:00
debian
debian
[SECURITY] [DSA 1840-1] New xulrunner packages fix several vulnerabilities
2009-07-23 10:30:34
securityvulns
securityvulns
Multiple Mozilla Firefox security vulnerabilities
2009-07-22 00:00:00
suse
suse
remote code execution in MozillaFirefox
2009-08-06 11:30:16
remote code execution in MozillaFirefox
2009-07-27 13:06:57
seebug
seebug
Mozilla Firefox MFSA存在多个安全漏洞
2009-07-24 00:00:00
oraclelinux
oraclelinux
firefox security update
2009-07-22 00:00:00
centos
centos
firefox, xulrunner security update
2009-07-28 12:22:37
redhat
redhat
(RHSA-2009:1162) Critical: firefox security update
2009-07-21 00:00:00
gentoo
gentoo
Mozilla Products: Multiple vulnerabilities
2013-01-08 00:00:00
JSON
Related for SECURITYVULNS:DOC:22201
prion1veracode1ubuntucve1mozilla1cve1openvas22fedora18osv1nessus15debian1securityvulns1suse2seebug1oraclelinux1centos1redhat1gentoo1