Privilege escalation using crypto.generateCRMFRequest
shutdown demonstrated that the crypto.generateCRMFRequest method can be used
to run arbitrary code with the privilege of the user, which could enable an
attacker to install malware.
Note: Thunderbird shares the browser engine with Firefox and could be
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.