You are here: Known Vulnerabilities in Mozilla Products (Firefox 188.8.131.52) > MFSA 2006-52
Mozilla Foundation Security Advisory 2006-52
Title: PAC privilege escalation using Function.prototype.call
Announced: July 25, 2006
Products: Firefox, SeaMonkey
Fixed in: Firefox 184.108.40.206
moz_bug_r_a4 reports that a malicious Proxy AutoConfig (PAC) server could serve a PAC script that can execute code with elevated privileges by setting the required FindProxyForURL function to the eval method on a privileged object that leaked into the PAC sandbox. By redirecting the victim to a specially-crafted URL -- easily done since the PAC script controls which proxy to use -- the URL "hostname" can be executed as privileged script.
A malicious proxy server can perform spoofing attacks on the user so it was already important to use a trustworthy PAC server.
Disable Proxy AutoConfig (the default setting). If that is impractical ensure that the PAC server and proxy you use are trustworthy and reached over a trusted network. Do not use the WPAD setting if you have a mobile computer that is ever used outside of the trusted network (such as at a WiFi hotspot).