Arbitrary Code Execution via Prototype Chain Navigation in Firefox and Mozilla

Arbitrary Code Execution via Prototype Chain Navigation in Firefox and Mozilla

CVE-2005-2270 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

Firefox before 1.0.5 and Mozilla before 1.7.9 does not properly clone base objects, which allows remote attackers to execute arbitrary code by navigating the prototype chain to reach a privileged object.

Learn more about our Web Application Penetration Testing UK.