Computer Security

Security Advisory: Mozilla Foundation Security Advisory 2010-20
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



Related information

  Многочисленные уязвимости в Mozilla Firefox / Seamonkey multiple security vulnerabilities

  ZDI-10-063: Mozilla Firefox Cross Document DOM Node Moving Code Execution Vulnerability

  ZDI-10-050: Mozilla Firefox nsTreeSelection EventListener Remote Code Execution Vulnerability

  ZDI-10-049: Mozilla Firefox PluginArray nsMimeType Dangling Pointer Remote Code Execution Vulnerability

  ZDI-10-048: Mozilla Firefox nsTreeContentView Dangling Pointer Remote Code Execution Vulnerability

From:MOZILLA
Date:06.04.2010
Subject:Mozilla Foundation Security Advisory 2010-20

Mozilla Foundation Security Advisory 2010-20

Title: Chrome privilege escalation via forced URL drag and drop
Impact: Critical
Announced: March 30, 2010
Reporter: Paul Stone
Products: Firefox, SeaMonkey

Fixed in: Firefox 3.6.2
 Firefox 3.5.9
 Firefox 3.0.19
 SeaMonkey 2.0.4
Description

Security researcher Paul Stone reported that a browser applet could be used to turn a simple mouse click into a drag-and-drop action, potentially resulting in the unintended loading of resources in a user's browser. This behavior could be used twice in succession to first load a privileged chrome: URL in a victim's browser, then load a malicious javascript: URL on top of the same document resulting in arbitrary script execution with chrome privileges.
References

   * https://bugzilla.mozilla.org/show_bug.cgi?id=546909
   * CVE-2010-0178

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


Rating@Mail.ru