Red Hat Bugzilla – Bug 188824
Last modified: 2007-11-30 17:07:24 EST
shutdown discovered it was possible to use the Object.watch() method to
access an internal function object (the "clone parent") which could then be
used to install malware such as password sniffers or viruses.
In pre-release versions of Firefox 1.5 the same technique could be applied
to the Array generic methods introduced in that release.
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.