188823 – CVE-2006-1735 Privilege escalation via XBL.method.eval

Bug 188823 - CVE-2006-1735 Privilege escalation via XBL.method.eval

Summary: CVE-2006-1735 Privilege escalation via XBL.method.eval

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	firefox
Sub Component:
Version:	5
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	urgent
Target Milestone:	---
Assignee:	Christopher Aillon
QA Contact:
Docs Contact:
URL:
Whiteboard:	reported=20060412,source=mozilla,emba...
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2006-04-13 03:16 UTC by Josh Bressers
Modified:	2007-11-30 22:11 UTC (History)
CC List:	3 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2006-04-27 12:53:37 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Josh Bressers 2006-04-13 03:16:55 UTC

Privilege escalation via XBL.method.eval


Using the eval associated with methods of an XBL binding it was possible to
create  JavaScript  functions  that  would get compiled with the wrong
privileges, allowing the attacker to run code of their choice with the full
permission of the user running the browser. This could be used to install
spyware or viruses.

Note: Thunderbird shares the JavaScript engine with Firefox and could be
vulnerable if JavaScript were to be enabled in mail. This is not the default
setting and we strongly discourage users from running JavaScript in mail.

Workaround

Disable JavaScript until you can upgrade to a fixed version.

References

[1]https://bugzilla.mozilla.org/show_bug.cgi?id=311025
[2]https://bugzilla.mozilla.org/show_bug.cgi?id=311403
[3]https://bugzilla.mozilla.org/show_bug.cgi?id=311455


This issue also affects FC4

Comment 1 Josh Bressers 2006-04-27 12:53:37 UTC

These issues have been resolved in FEDORA-2006-411 for FC5 and FEDORA-2006-410
for FC4

Note You need to log in before you can comment on or make changes to this bug.