Basic search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:25838
HistoryMar 03, 2011 - 12:00 a.m.

Mozilla Foundation Security Advisory 2011-02

2011-03-0300:00:00
vulners.com
29

Mozilla Foundation Security Advisory 2011-02

Title: Recursive eval call causes confirm dialogs to evaluate to true
Impact: Critical
Announced: March 1, 2011
Reporter: Zach Hoffman
Products: Firefox, SeaMonkey

Fixed in: Firefox 3.6.14
Firefox 3.5.17
SeaMonkey 2.0.12
Description

Security researcher Zach Hoffman reported that a recursive call to eval() wrapped in a try/catch statement places the browser into a inconsistent state. Any dialog box opened in this state is displayed without text and with non-functioning buttons. Closing the window causes the dialog to evaluate to true. An attacker could use this issue to force a user into accepting any dialog, such as one granting elevated privileges to the page presenting the dialog.
References

* https://bugzilla.mozilla.org/show_bug.cgi?id=616659
* CVE-2011-0051
Related for SECURITYVULNS:DOC:25838