


Related information

  Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities

  Firefox cross-domain text theft (CESA-2008-011)

  Mozilla Foundation Security Advisory 2008-60

  Mozilla Foundation Security Advisory 2008-61

  Mozilla Foundation Security Advisory 2008-62

From: MOZILLA
Date: 18.12.2008
Subject: Mozilla Foundation Security Advisory 2008-69

Mozilla Foundation Security Advisory 2008-69

Title: XSS vulnerabilities in SessionStore
Impact: Critical
Announced: December 16, 2008
Reporter: moz_bug_r_a4
Products: Firefox

Fixed in: Firefox 3.0.5
 Firefox 2.0.0.19

Description

Mozilla security researcher moz_bug_r_a4 reported vulnerabilities in the session-restore feature by which content could be injected into an incorrect document storage location, including storage locations for other domains. An attacker could utilize these issues to violate the browser's same-origin policy and perform an XSS attack while SessionStore data is being restored.

moz_bug_r_a4 also reported that one variant could be used by an attacker to run arbitrary JavaScript with chrome privileges.

Workaround

Disable JavaScript or the session-restore feature until a version containing these fixes can be installed.

References

   * SessionStore XSS hazards
   * CVE-2008-5513
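
An added example, not part of the Mozilla advisory: a Python triage of installed Firefox version strings against the releases listed under "Fixed in" above. The host names, status labels and per-branch comparison rule are assumptions of this example.

```python
import re

# First fixed release per maintenance branch, from the advisory's "Fixed in" field.
FIXED = {
    (3, 0): (3, 0, 5),       # Firefox 3.0.x   -> fixed in 3.0.5
    (2, 0): (2, 0, 0, 19),   # Firefox 2.0.0.x -> fixed in 2.0.0.19
}

def parse_version(text):
    """Return a tuple of ints for a dotted numeric version, else None."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+){1,3}", text):
        return None  # pre-release strings such as '3.1b2' are not compared
    return tuple(int(part) for part in text.split("."))

def pad(version, length):
    """Right-pad a version tuple with zeros so tuples compare component-wise."""
    return version + (0,) * (length - len(version))

def triage(version_text):
    """Classify a version as 'fixed', 'needs-update' or 'not-listed' (labels are this example's)."""
    version = parse_version(version_text)
    if version is None:
        return "not-listed"
    fixed = FIXED.get(version[:2])
    if fixed is None:
        return "not-listed"  # the advisory names no fixed release for this branch
    width = max(len(version), len(fixed))
    return "fixed" if pad(version, width) >= pad(fixed, width) else "needs-update"

def report(inventory):
    """Map each host in a {host: version} inventory to its triage status."""
    return {host: triage(version) for host, version in inventory.items()}

# Constructed inventory: host names and versions are made up for the example.
SAMPLE = {
    "ws-01": "3.0.4", "ws-02": "3.0.5", "ws-03": "2.0.0.18",
    "ws-04": "2.0.0.19", "ws-05": "3.1b2", "ws-06": "2.0",
}

if __name__ == "__main__":
    for host, status in report(SAMPLE).items():
        print(f"{host}: {status}")
```

Hosts reported as `needs-update` are the ones where the advisory's workaround applies until the fixed release is installed; `not-listed` means the advisory gives no fixed version for that branch, not that the build is safe.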
