Chrome Object Wrapper (COW) bypass through changing prototype
Description
Security researcher Mariusz Mlynski reported that it is possible to change the prototype of an object and bypass Chrome Object Wrappers (COW) to gain access to chrome privileged functions. This could allow for arbitrary code execution.
Affected Applications
Thunderbird
Thunderbird ESR