By using bug 768101's trick, content can take advantage of bug 770429 and perform a privilege escalation attack without user interaction.
This works on fx10-16.
Assigning to Bobby for book keeping and double checking the fix.
Assignee: nobody → bobbyholley+bmo
Did those changes end up fixing this problem?
The testcase doesn't seem to do much on my OS X machine with Firefox 14.0.1 or current nightly. I get a blank iframe on a page.
Let's wait for this to be fixed on trunk before tracking for a specific ESR version again. Bobby - can you try to see if you have better luck than Al?
Oh nevermind, bug 760109 has an approval request. We'll leave this at 15+.
bug 760109 is landed in 15 and ESR 10.0.7 (15+) but there's still some work here for bug 768101 coming for 16 so bumping up the esr tracking flag for the next release.
This may now be fixed in Firefox 18 since bug 768101 might be. This testcase probably no longer works (I get Error: Access to 'chrome://browser/content/browser.xul' from script denied) because bug 770429 was fixed. I guess we might as well call this fixed and if there are unfixed variations they can go into new bugs.
calling this fixed in 15 because it's using 768101 to abuse bug 770429, and that was fixed in 15.
You need to log in before you can comment on or make changes to this bug.