Mozilla security researcher moz_bug_r_a4 reported a regression where security wrappers are unwrapped without doing a security check in defaultValue(). This can allow for improper access access to the Location object and the potential for arbitrary code execution.

Security researcher Gareth Heyes also blogged about a Firefox 16 only symptom that is fixed in the updated versions.

This issue only affects Firefox 16.0 and does not affect the ESR version.

External Reference:

http://www.mozilla.org/security/announce/2012/mfsa2012-89.html


Acknowledgements:

Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Gareth Heyes as the original reporter.

Statement:

This issue does not affect the version of firefox and thunderbird as shipped with Red Hat Enterprise Linux 5 and 6