Computer Security

Security Advisory: Mozilla Foundation Security Advisory 2008-39
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



Related information

  Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities

  Advisory: Mozilla Firefox User Interface Null Pointer Dereference Dispatcher Crash and Remote Denial of Service.

  Mozilla Foundation Security Advisory 2008-37

  Mozilla Foundation Security Advisory 2008-38

  Mozilla Foundation Security Advisory 2008-40

From:MOZILLA
Date:29.09.2008
Subject:Mozilla Foundation Security Advisory 2008-39

Mozilla Foundation Security Advisory 2008-39

Title: Privilege escalation using feed preview page and XSS flaw
Impact: Critical
Announced: September 23, 2008
Reporter: moz_bug_r_a4
Products: Firefox

Fixed in: Firefox 2.0.0.17
Description

Mozilla security researcher moz_bug_r_a4 reported a series of vulnerabilities in feedWriter which allow scripts from page content to run with chrome privileges.

Firefox 3 is not affected by this issue
Workaround

Disable JavaScript until a version containing these fixes can be installed.
References

   * https://bugzilla.mozilla.org/show_bug.cgi?id=360529
   * https://bugzilla.mozilla.org/show_bug.cgi?id=430658
   * CVE-2008-3836

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
 


Рейтинг@Mail.ru