FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

mozilla -- privilege escalation via non-DOM property overrides

Affected packages
		firefox	<	1.0.4,1
		linux-firefox	<	1.0.4
		mozilla	<	1.7.8,2
1.8.*,2	<=	mozilla
		linux-mozilla	<	1.7.8
1.8.*	<=	linux-mozilla
		linux-mozilla-devel	<	1.7.8
1.8.*	<=	linux-mozilla-devel
0	<=	netscape7
0	<=	de-linux-mozillafirebird
0	<=	el-linux-mozillafirebird
0	<=	ja-linux-mozillafirebird-gtk1
0	<=	ja-mozillafirebird-gtk2
0	<=	linux-mozillafirebird
0	<=	ru-linux-mozillafirebird
0	<=	zhCN-linux-mozillafirebird
0	<=	zhTW-linux-mozillafirebird
0	<=	de-linux-netscape
0	<=	de-netscape7
0	<=	fr-linux-netscape
0	<=	fr-netscape7
0	<=	ja-linux-netscape
0	<=	ja-netscape7
0	<=	linux-netscape
0	<=	linux-phoenix
0	<=	mozilla+ipv6
0	<=	mozilla-embedded
0	<=	mozilla-firebird
0	<=	mozilla-gtk
0	<=	mozilla-gtk1
0	<=	mozilla-gtk2
0	<=	mozilla-thunderbird
0	<=	phoenix
0	<=	pt_BR-netscape7

Details

VuXML ID	a6427195-c2c7-11d9-89f7-02061b08fc24
Discovery	2005-05-11
Entry	2005-05-12

A Mozilla Foundation Security Advisory reports:

Additional checks were added to make sure Javascript eval and Script objects are run with the privileges of the context that created them, not the potentially elevated privilege of the context calling them in order to protect against an additional variant of MFSA 2005-41.

[source]

The Mozilla Foundation Security Advisory MFSA 2005-41 reports:

moz_bug_r_a4 reported several exploits giving an attacker the ability to install malicious code or steal data, requiring only that the user do commonplace actions like click on a link or open the context menu.

[source]

References

URL	http://www.mozilla.org/security/announce/mfsa2005-44.html

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.