XPCNativeWrappers Privilege Escalation Vulnerability

CVE-2011-3647 · HIGH Severity

AV:N/AC:M/AU:N/C:C/I:C/A:C

The JSSubScriptLoader in Mozilla Firefox before 3.6.24 and Thunderbird before 3.1.6 does not properly handle XPCNativeWrappers during calls to the loadSubScript method in an add-on, which makes it easier for remote attackers to gain privileges via a crafted web site that leverages certain unwrapping behavior, a related issue to CVE-2011-3004.

Learn more about our Web App Pen Testing.