[Forgot Password]
Login  Register Subscribe

24003

 
 

131573

 
 

108684

 
 

909

 
 

85446

 
 

134

Paid content will be excluded from the download.


Download | Alert*
OVAL

Mozilla Products: Privileged content access and execution via XBL - mfsa2013-51

ID: oval:org.secpod.oval:def:16314Date: (C)2013-12-30   (M)2018-01-30
Class: PATCHFamily: macos




Security researcher Mariusz Mlynski reported that it is possible to compile a user-defined function in the XBL scope of a specific element and then trigger an event within this scope to run code. In some circumstances, when this code is run, it can access content protected by System Only Wrappers (SOW) and chrome-privileged pages. This could potentially lead to arbitrary code execution. Additionally, Chrome Object Wrappers (COW) can be bypassed by web content to access privileged methods, leading to a cross-site scripting (XSS) attack from privileged pages.

Platform:
Apple Mac OS X 10.8
Apple Mac OS X 10.9
Apple Mac OS X 10.10
Apple Mac OS X 10.11
Apple Mac OS X 10.12
Apple Mac OS X Server 10.8
Apple Mac OS X Server 10.9
Apple Mac OS X Server 10.10
Apple Mac OS X Server 10.11
Apple Mac OS X Server 10.12
Product:
Mozilla Firefox
Mozilla Thunderbird ESR
Mozilla SeaMonkey
Mozilla Thunderbird
Mozilla Firefox ESR
Reference:
MFSA 2013-51
CVE-2013-1687
CVE    1
CVE-2013-1687
CPE    32
cpe:/a:mozilla:thunderbird_esr
cpe:/a:mozilla:thunderbird_esr:17.0.5
cpe:/a:mozilla:thunderbird_esr:17.0.6
cpe:/a:mozilla:firefox_esr:17.0.6
...

© SecPod Technologies