XrayWrappers can be bypassed to run user defined methods in a privileged context

Description

Mozilla security researcher moz_bug_r_a4 reported that XrayWrappers can be bypassed to call content-defined toString and valueOf methods through DefaultValue. This can lead to unexpected behavior when privileged code acts on the incorrect values.

Affected Applications

Thunderbird
Thunderbird ESR

CVE References

CVE-2013-1697