Mozilla Browser/Firefox Chrome Page Loading Restriction Bypass Privilege Escalation Weakness

Mozilla Browser/Firefox are prone to a potential arbitrary code-execution weakness.

Specifically, an attacker can load privileged 'chrome' pages from an unprivileged 'about:' page. This issue does not pose a threat unless it is combined with a same-origin violation issue.

If successfully exploited, this issue may allow a remote attacker to execute arbitrary code and gain unauthorized remote access to a computer. This would occur in the context of the user running the browser.


 

Privacy Statement
Copyright 2010, SecurityFocus