The nsXBLProtoImpl::InstallImplementation function in Mozilla Firefox
before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and
SeaMonkey before 2.26 does not properly check whether objects are XBL
objects, which allows remote attackers to execute arbitrary code or cause a
accesses a non-XBL object as if it were an XBL object.
Updated: 2014-05-05 17:14:36 UTC (commit 8014)