Mozilla Foundation Security Advisory 2010-82
Title: Incomplete fix for CVE-2010-0179
Impact: Critical
Announced: December 9, 2010
Reporter: moz_bug_r_a4
Products: Firefox, SeaMonkey
Fixed in: Firefox 3.6.13
Firefox 3.5.16
SeaMonkey 2.0.11
Description
Mozilla security researcher moz_bug_r_a4 reported that the fix for CVE-2010-0179 could be circumvented permitting the execution of arbitrary JavaScript with chrome privileges.
References
* https://bugzilla.mozilla.org/show_bug.cgi?id=554449
* CVE-2010-3773