Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 390771

Summary: www-client/firefox,mail-client/thunderbird: loadSubScript unwraps XPCNativeWrapper scope parameter (CVE-2011-3647)
Product: Gentoo Security Reporter: GLSAMaker/CVETool Bot <glsamaker>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: major    
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: B2 [glsa]
Package list:
Runtime testing required: ---
Bug Depends on: 381245    
Bug Blocks:    

Description GLSAMaker/CVETool Bot gentoo-dev 2011-11-17 00:18:36 UTC 
CVE-2011-3647 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3647):
  The JSSubScriptLoader in Mozilla Firefox before 3.6.24 and Thunderbird
  before 3.1.6 does not properly handle XPCNativeWrappers during calls to the
  loadSubScript method in an add-on, which makes it easier for remote
  attackers to gain privileges via a crafted web site that leverages certain
  unwrapping behavior, a related issue to CVE-2011-3004.


From the upstream advisory at https://www.mozilla.org/security/announce/2011/mfsa2011-46.html:

Mozilla security researcher moz_bug_r_a4 reported that the problem described in MFSA 2011-43 and fixed in Firefox 7 also affected Firefox 3.6: a malicious page could potentially exploit a Firefox user who had installed an add-on that used loadSubscript in vulnerable ways.
Comment 1 Jory A. Pratt gentoo-dev 2011-12-12 16:24:15 UTC 
Mozilla team is not needed here.
Comment 2 GLSAMaker/CVETool Bot gentoo-dev 2013-01-08 01:05:05 UTC 
This issue was resolved and addressed in
 GLSA 201301-01 at http://security.gentoo.org/glsa/glsa-201301-01.xml
by GLSA coordinator Sean Amoss (ackle).