Endpoint Vulnerability

Privilege escalation through IPC channel messages

Description

Mozilla Developer Jed Davis and Mozilla security engineer Christoph Diehl reported that Mozilla had inherited a Inter-process Communication (IPC) vulnerability when IPC was introduced into Mozilla products through third-party code. This could allow for privilege escalation through IPC channels due to lack of message validation in the listener process.

Affected Products

SeaMonkey

References

CVE-2011-3079,