You are here: Known Vulnerabilities in Mozilla Products (Firefox 18.104.22.168) > MFSA 2006-35
Mozilla Foundation Security Advisory 2006-35
Title: Privilege escalation through XUL persist.
Date: June 1, 2006
Reporter: Jonas Sicking (Mozilla)
Products: Firefox, Thunderbird, SeaMonkey
Fixed in: Firefox 22.214.171.124
In certain circumstances persisted XUL attributes are associated with the wrong URL. If an attacker can get a persisted string associated with an URL that will later eval or execute that attribute in a privileged context then the attacker's code will run with the full permissions of the browser.
Exploit details withheld until sufficient users upgrade to a fixed version