Mozilla · Firefox · CVE-2011-3004
**Name of the Vulnerable Software and Affected Versions**
Mozilla Firefox versions 4.x through 6
SeaMonkey versions prior to 2.4
**Description**
The issue arises from the JSSubScriptLoader not properly handling XPCNativeWrappers during calls to the `loadSubScript` method in an add-on. This makes it easier for remote attackers to gain privileges via a crafted web site that leverages certain unwrapping behavior.
**Recommendations**
For Mozilla Firefox versions 4.x through 6, consider disabling add-ons that utilize the `loadSubScript` method until a patch is available.
For SeaMonkey versions prior to 2.4, restrict access to the `loadSubScript` method in add-ons to minimize the risk of exploitation.