Computer Security

Security Advisory: Mozilla Foundation Security Advisory 2008-03
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



Related information

  Mozilla Firefox / Thunderbird / Seamonkey multiple security vulonerabilities

  [Full-disclosure] Firefox 2.0.0.12 information leak vulnerability

  Mozilla Foundation Security Advisory 2008-11

  Mozilla Foundation Security Advisory 2008-10

  Mozilla Foundation Security Advisory 2008-09

From:MOZILLA
Date:10.02.2008
Subject:Mozilla Foundation Security Advisory 2008-03

Mozilla Foundation Security Advisory 2008-03

Title: Privilege escalation, XSS, Remote Code Execution
Impact: Critical
Announced: February 7, 2008
Reporter: moz_bug_r_a4, Boris Zbarsky
Products: Firefox, Thunderbird, SeaMonkey

Fixed in: Firefox 2.0.0.12
 Thunderbird 2.0.0.12
 SeaMonkey 1.1.8
Description

Mozilla contributors moz_bug_r_a4 and Boris Zbarsky submitted a series of vulnerabilities which allow scripts from page content to escape from its sandboxed context and/or run with chrome privileges. An additional vulnerability reported by moz_bug_r_a4 demonstrated that the XMLDocument.load() function can be used to inject script into another site, violating the browser's same-origin policy.
Workaround

Disable JavaScript until a version containing these fixes can be installed.
References

   * JavaScript privilege escalation bugs
   * CVE-2008-0415

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
 


Рейтинг@Mail.ru