Bug 460983 - Arbitrary code execution using bug 459906
Status: VERIFIED FIXED
: [sg:critical] fixed by 459906
: verified1.8.1.18, verified1.9.0.4, verified1.9.1
Product: Firefox
Classification: Client Software
Component: Session Restore
: unspecified
: All All
: -- normal
Assigned To: Blake Kaplan (:mrbkap)
: session.restore
: CVE-2008-5019
Reported: 2008-10-21 09:47 PDT by moz_bug_r_a4
Modified: 2009-07-22 17:32 PDT
mbeltzner: blocking‑firefox3.5+
dveditz: blocking1.9.0.4+
dveditz: wanted1.9.0.x+
dveditz: blocking1.8.1.18+
dveditz: wanted1.8.1.x+
asac: blocking1.8.0.next-
asac: wanted1.8.0.x-


Description moz_bug_r_a4 2008-10-21 09:47:26 PDT
Please see bug 459906 comment #22.

The lack of XPCNativeWrapper allows an attacker to run arbitrary code with
chrome privileges.
Comment 3 Daniel Veditz 2008-10-21 10:14:40 PDT
For completeness, testcase 1 works on Mac 1.9.0.4pre as well.
Comment 4 Daniel Veditz 2008-10-23 16:23:36 PDT
Fix for bug 459906 checked into mozilla-central
Comment 5 Daniel Veditz 2008-10-24 17:24:50 PDT
fix for bug 459906 checked into the 1.8 and 1.9.0 branches
Comment 6 Al Billings [:abillings] 2008-10-27 17:39:40 PDT
Verified for 1.9.0.4 with Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.4pre) Gecko/2008102706 GranParadiso/3.0.4pre.

Verified for 1.8.1.18 with Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.18pre) Gecko/2008102704 BonEcho/2.0.0.18pre.
Comment 7 Alexander Sack 2008-11-16 20:41:34 PST
doesn't affect 1.8.0 branch.
Comment 8 Aakash Desai [:aakashd] 2009-07-13 09:54:56 PDT
fix for bug 459906 was checked into 1.9.1 branch on 10/22/2008

verified FIXED on builds:

Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2a1pre) Gecko/20090713 Minefield/3.6a1pre (.NET CLR 3.5.30729) ID:20090713044326

and

Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.1pre) Gecko/20090708 Shiretoko/3.5.1pre (.NET CLR 3.5.30729) ID:20090708044703
