FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

mozilla -- privilege escalation via non-DOM property overrides

Affected packages
firefox < 1.0.4,1
linux-firefox < 1.0.4
mozilla < 1.7.8,2
1.8.*,2 <= mozilla
linux-mozilla < 1.7.8
1.8.* <= linux-mozilla
linux-mozilla-devel < 1.7.8
1.8.* <= linux-mozilla-devel
0 <= netscape7
0 <= de-linux-mozillafirebird
0 <= el-linux-mozillafirebird
0 <= ja-linux-mozillafirebird-gtk1
0 <= ja-mozillafirebird-gtk2
0 <= linux-mozillafirebird
0 <= ru-linux-mozillafirebird
0 <= zhCN-linux-mozillafirebird
0 <= zhTW-linux-mozillafirebird
0 <= de-linux-netscape
0 <= de-netscape7
0 <= fr-linux-netscape
0 <= fr-netscape7
0 <= ja-linux-netscape
0 <= ja-netscape7
0 <= linux-netscape
0 <= linux-phoenix
0 <= mozilla+ipv6
0 <= mozilla-embedded
0 <= mozilla-firebird
0 <= mozilla-gtk
0 <= mozilla-gtk1
0 <= mozilla-gtk2
0 <= mozilla-thunderbird
0 <= phoenix
0 <= pt_BR-netscape7

Details

VuXML ID a6427195-c2c7-11d9-89f7-02061b08fc24
Discovery 2005-05-11
Entry 2005-05-12

A Mozilla Foundation Security Advisory reports:

Additional checks were added to make sure Javascript eval and Script objects are run with the privileges of the context that created them, not the potentially elevated privilege of the context calling them in order to protect against an additional variant of MFSA 2005-41.

The Mozilla Foundation Security Advisory MFSA 2005-41 reports:

moz_bug_r_a4 reported several exploits giving an attacker the ability to install malicious code or steal data, requiring only that the user do commonplace actions like click on a link or open the context menu.

References

URL http://www.mozilla.org/security/announce/mfsa2005-44.html