Closed
Bug 460983
Opened 17 years ago
Closed 17 years ago
Arbitrary code execution using bug 459906
Categories
(Firefox :: Session Restore, defect)
Firefox
Session Restore
Tracking
()
VERIFIED
FIXED
People
(Reporter: moz_bug_r_a4, Assigned: mrbkap)
References
Details
(Keywords: verified1.8.1.18, verified1.9.0.4, verified1.9.1, Whiteboard: [sg:critical] fixed by 459906)
Please see bug 459906 comment #22.
The lack of XPCNativeWrapper allows an attacker to run arbitrary code with
chrome privileges.
|
||
Comment 3•17 years ago
|
||
For completeness, testcase 1 works on Mac 1.9.0.4pre as well.
Assignee: nobody → mrbkap
Flags: wanted1.9.0.x+
Flags: wanted1.8.1.x+
Flags: blocking1.9.0.5+
Flags: blocking1.8.1.18+
Flags: blocking-firefox3.1?
OS: Windows XP → All
Hardware: PC → All
Whiteboard: [sg:critical]
|
||
Updated•17 years ago
|
Flags: blocking1.8.1.18+ → blocking1.8.1.19+
|
|
||
Comment 4•17 years ago
|
||
Fix for bug 459906 checked into mozilla-central
Status: NEW → RESOLVED
Closed: 17 years ago
Flags: blocking1.9.0.5+
Flags: blocking1.9.0.4+
Flags: blocking1.8.1.19+
Flags: blocking1.8.1.18+
Resolution: --- → FIXED
Whiteboard: [sg:critical] → [sg:critical] fixed by 459906
|
|
||
Comment 5•17 years ago
|
||
fix for bug 459906 checked into the 1.8 and 1.9.0 branches
Keywords: fixed1.8.1.18,
fixed1.9.0.4
|
||
Comment 6•17 years ago
|
||
Verified for 1.9.0.4 with Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.4pre) Gecko/2008102706 GranParadiso/3.0.4pre.
Verified for 1.8.1.18 with Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.18pre) Gecko/2008102704 BonEcho/2.0.0.18pre.
|
||
Updated•17 years ago
|
Flags: blocking-firefox3.1? → blocking-firefox3.1+
|
|
||
Updated•17 years ago
|
Depends on: CVE-2008-5019
|
|
||
Updated•16 years ago
|
Keywords: fixed1.9.1
|
||
Comment 8•16 years ago
|
||
fix for bug bug 459906 was checked into 1.9.1 branch on 10/22/2008
verified FIXED on builds:
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2a1pre) Gecko/20090713 Minefield/3.6a1pre (.NET CLR 3.5.30729) ID:20090713044326
and
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.1pre) Gecko/20090708 Shiretoko/3.5.1pre (.NET CLR 3.5.30729) ID:20090708044703
Status: RESOLVED → VERIFIED
Keywords: fixed1.9.1 → verified1.9.1
|
|
||
Updated•16 years ago
|
Group: core-security
You need to log in
before you can comment on or make changes to this bug.
Description
•