You are here: Security Center > Mozilla Foundation Security Advisories > MFSA 2011-02
Mozilla Foundation Security Advisory 2011-02
Title: Recursive eval call causes confirm dialogs to evaluate to true
Impact: Critical
Announced: March 1, 2011
Reporter: Zach Hoffman
Products: Firefox, SeaMonkey
Fixed in: Firefox 3.6.14
Firefox 3.5.17
SeaMonkey 2.0.12
Description
Security researcher Zach Hoffman reported that a
recursive call to eval()
wrapped in
a try/catch
statement places the browser into a
inconsistent state. Any dialog box opened in this state is displayed
without text and with non-functioning buttons. Closing the window
causes the dialog to evaluate to true. An attacker could use this
issue to force a user into accepting any dialog, such as one granting
elevated privileges to the page presenting the dialog.