Bugzilla@Mozilla – Bug 460983
Arbitrary code execution using bug 459906
Last modified: 2009-07-22 17:32:42 PDT
Please see bug 459906 comment #22. The lack of XPCNativeWrapper allows an attacker to run arbitrary code with chrome privileges.
For completeness, testcase 1 works on Mac 1.9.0.4pre as well.
Fix for bug 459906 checked into mozilla-central
Fix for bug 459906 checked into the 1.8 and 1.9.0 branches.
Verified for 1.9.0.4 with Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.4pre) Gecko/2008102706 GranParadiso/3.0.4pre. Verified for 1.8.1.18 with Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.18pre) Gecko/2008102704 BonEcho/2.0.0.18pre.
Doesn't affect 1.8.0 branch.
Fix for bug 459906 was checked into 1.9.1 branch on 10/22/2008. Verified FIXED on builds: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2a1pre) Gecko/20090713 Minefield/3.6a1pre (.NET CLR 3.5.30729) ID:20090713044326 and Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.1pre) Gecko/20090708 Shiretoko/3.5.1pre (.NET CLR 3.5.30729) ID:20090708044703