Lucene search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:27342
HistoryNov 25, 2011 - 12:00 a.m.

Mozilla Foundation Security Advisory 2011-46

2011-11-2500:00:00
vulners.com
32

Mozilla Foundation Security Advisory 2011-46

Title: loadSubScript unwraps XPCNativeWrapper scope parameter (1.9.2 branch)
Impact: Critical
Announced: November 8, 2011
Reporter: moz_bug_r_a4
Products: Firefox, Thunderbird

Fixed in: Firefox 3.6.24
Thunderbird 3.1.16
Description

Mozilla security researcher moz_bug_r_a4 reported that the problem described in MFSA 2011-43 and fixed in Firefox 7 also affected Firefox 3.6: a malicious page could potentially exploit a Firefox user who had installed an add-on that used loadSubscript in vulnerable ways.

References

Security problem with loadSubscript on 1.9.2 branch
CVE-2011-3647

Related for SECURITYVULNS:DOC:27342