Mozilla Foundation Security Advisory 2005-56
Title: Code execution through shared function objects
Severity: Critical
Reporter: moz_bug_r_a4, shutdown
Products: Firefox, Mozilla Suite
Fixed in: Firefox 1.0.5
Mozilla Suite 1.7.9
Description
Improper cloning of base objects allowed web content scripts to
get to a privileged object by walking up the prototype chain.
This could be used to execute code with enhanced privileges.
Workaround
Disable JavaScript
References
https://bugzilla.mozilla.org/show_bug.cgi?id=294795
https://bugzilla.mozilla.org/show_bug.cgi?id=294799
https://bugzilla.mozilla.org/show_bug.cgi?id=295011
https://bugzilla.mozilla.org/show_bug.cgi?id=296397