CVE-2009-2471

The setTimeout function in Mozilla Firefox before 3.0.12 does not properly preserve object wrapping, which allows remote attackers to execute arbitrary JavaScript with chrome privileges via a crafted call, related to XPCNativeWrapper.

Date published : 2009-07-22

http://www.securityfocus.com/bid/35758

http://www.mozilla.org/security/announce/2009/mfsa2009-39.html