Red Hat Bugzilla – Bug 851916
CVE-2012-3965 Mozilla: Escalation of privilege through about:newtab (MFSA 2012-60)
Last modified: 2012-08-28 23:05:19 EDT
Security researcher Mariusz Mlynski reported that when a page opens a new tab, a subsequent window can then be opened that can be navigated to about:newtab, a chrome privileged page. Once about:newtab is loaded, the special context can potentially be used to escalate privilege, allowing for arbitrary code execution on the local system in a maliciously crafted attack.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Security researcher Mariusz Mlynski as the original reporter of this flaw.
Not Vulnerable. This issue does not affect the version of Firefox and Thunderbird as shipped with Red Hat Enterprise Linux 5 and 6.