Mozilla Foundation Security Advisory 2009-46

Chrome privilege escalation due to incorrectly cached wrapper

Announced

August 3, 2009

Reporter

Wladimir Palant, moz_bug_r_a4

Impact

Critical

Products

Firefox

Fixed in

Firefox 3.5.2

Description

Mozilla add-on developer and community member Wladimir Palant reported broken functionality on pages that had a Link: HTTP header when an add-on was installed which implemented a Content Policy in JavaScript, such as AdBlock Plus or NoScript. Mozilla security researcher moz_bug_r_a4 demonstrated that the broken functionality was due to the window's global object receiving an incorrect security wrapper and that this issue could be used to execute arbitrary JavaScript with chrome privileges.

This vulnerability does not affect Firefox prior to version 3.5

References

https://bugzilla.mozilla.org/show_bug.cgi?id=498897
CVE-2009-2665

Firefox for Desktop

Firefox for Android

Firefox for iOS

Firefox Focus

Firefox Blog

Release Notes

Mozilla Monitor

Facebook Container

Pocket

Mozilla VPN

Firefox Relay

MDN Plus

Fakespot

Mozilla Manifesto

Mozilla Foundation

Leadership

Get involved

Careers

Mozilla Blog

Impact

Firefox Developer Edition

MDN Web Docs

Mozilla Innovation Projects

Common Voice

Mozilla Foundation Security Advisory 2009-46

Chrome privilege escalation due to incorrectly cached wrapper

Description

References