Mozilla Foundation Security Advisory 2011-02

Recursive eval call causes confirm dialogs to evaluate to true

Announced

March 1, 2011

Reporter

Zach Hoffman

Impact

Critical

Products

Firefox, SeaMonkey

Fixed in

Firefox 3.5.17
Firefox 3.6.14
SeaMonkey 2.0.12

Description

Security researcher Zach Hoffman reported that a recursive call to eval() wrapped in a try/catch statement places the browser into a inconsistent state. Any dialog box opened in this state is displayed without text and with non-functioning buttons. Closing the window causes the dialog to evaluate to true. An attacker could use this issue to force a user into accepting any dialog, such as one granting elevated privileges to the page presenting the dialog.

References

https://bugzilla.mozilla.org/show_bug.cgi?id=616659
CVE-2011-0051

Mozilla VPN

Mozilla Monitor

Firefox Relay

MDN Plus

Thunderbird

About Mozilla

The Mozilla Manifesto

Get Involved

Blog