The software does not properly manage privileges while it is
switching between different contexts that have different privileges or spheres
of control.
A callback is run in a different security context after
it has been changed from untrusted to trusted. Note that a "context switch
before actions are completed" is one type of problem that happens
frequently, especially in browsers.
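The callback case above, as an added example that is not part of the original entry: a constructed model in which a callback registered while untrusted is dispatched after the context has become trusted, first under the ambient context and then bound to its registration-time context. Host, readSecret, register, switchContext, dispatchAmbient, dispatchBound, attempt and demo are hypothetical names, not a real browser API.

```javascript
// Constructed model; Host, readSecret, register, dispatch* are hypothetical names.
class Host {
  constructor() {
    this.context = "untrusted"; // ambient security context
    this.queue = [];
  }

  // Privileged operation: authorizes against the ambient context at call time.
  readSecret() {
    if (this.context !== "trusted") throw new Error("access denied");
    return "secret-value";
  }

  // Store each callback together with the context it was registered from.
  register(callback) { this.queue.push({ callback, origin: this.context }); }
  switchContext(next) { this.context = next; }

  // Weak: pending callbacks inherit whatever context is current at dispatch.
  dispatchAmbient() {
    return this.queue.splice(0).map(({ callback }) => attempt(() => callback(this)));
  }

  // Hardened: run each callback under its registration-time context and
  // restore the caller's context afterwards, even if the callback throws.
  dispatchBound() {
    return this.queue.splice(0).map(({ callback, origin }) => {
      const saved = this.context;
      this.context = origin;
      try { return attempt(() => callback(this)); }
      finally { this.context = saved; }
    });
  }
}

// Turn a thrown error into a result object so both outcomes can be compared.
function attempt(fn) {
  try { return { ok: true, value: fn() }; }
  catch (e) { return { ok: false, error: e.message }; }
}

// Register while untrusted, switch to trusted, then dispatch the pending callback.
function demo(dispatchName) {
  const host = new Host();
  host.register((h) => h.readSecret());
  host.switchContext("trusted");
  const [result] = host[dispatchName]();
  return { result, contextAfter: host.context };
}
```

With dispatchAmbient the untrusted callback obtains the secret; with dispatchBound it is denied and the host is left in the trusted context it was in before dispatch.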
Potential Mitigations
Very carefully manage the setting, management and handling of
privileges. Explicitly manage trust zones in the software.
Follow the principle of least privilege when assigning access rights
to entities in a software system.
Consider following the principle of separation of privilege. Require
multiple conditions to be met before permitting access to a system
resource.