Secunia
Release Date: 2009-11-17 Last Update: 2009-12-07 Views: 5,999
Where:
From remote
Impact:
System access
Solution Status:
Vendor Workaround
CVE Reference(s):
A vulnerability has been discovered in the Wikipedia Toolbar extension for Firefox, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused by the application using unvalidated input in a call to "eval()". This can be exploited to execute arbitrary JavaScript code in "chrome:" context.
Successful exploitation requires that a user is tricked into using certain Toolbar buttons when visiting a specially crafted web page.
The vulnerability is confirmed in version 0.5.9. Other versions may also be affected.
Solution:
Fixed in version 0.5.9.2 (experimental) by restricting the attack vector to "http://en.wikipedia.org/wiki/".
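An added sketch (not code from the Wikipedia Toolbar or from Secunia) of the two controls the description and solution point to: checking the parsed page URL against the "http://en.wikipedia.org/wiki/" restriction, and handling page-derived text as data instead of passing it to "eval()". The function names and the JSON shape with a "title" field are assumptions made for the illustration.

```javascript
// Added illustration; all names here are hypothetical, not from the extension.
const ALLOWED_ORIGIN = "http://en.wikipedia.org"; // restriction named in the advisory
const ALLOWED_PATH_PREFIX = "/wiki/";

// True only when the page URL parses to the allowed origin and path.
// Checking the parsed origin and normalized path (rather than the raw
// string) means look-alike hosts and "../" segments are not accepted.
function isAllowedPage(pageUrl) {
  let u;
  try {
    u = new URL(pageUrl);
  } catch (e) {
    return false; // not a parseable absolute URL
  }
  return u.origin === ALLOWED_ORIGIN &&
         u.pathname.startsWith(ALLOWED_PATH_PREFIX);
}

// Treat page-derived text as data. JSON.parse only builds values and
// never executes its input, unlike eval(), which would run it with the
// privileges of the calling (chrome) code.
function parsePageData(text) {
  try {
    const value = JSON.parse(text);
    return (value !== null && typeof value === "object") ? value : null;
  } catch (e) {
    return null; // anything that is not well-formed JSON is rejected
  }
}

// Hypothetical toolbar button handler: returns the article title or null.
// The URL allowlist narrows where the handler acts; the data-only parse
// is what removes code execution from the path entirely.
function handleButton(pageUrl, pageText) {
  if (!isAllowedPage(pageUrl)) return null;
  const data = parsePageData(pageText);
  if (!data || typeof data.title !== "string") return null;
  return data.title;
}
```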
Provided and/or discovered by:
Sruthi Bandhakavi
Original Advisory:
https://addons.mozilla.org/en-US/firefox/addons/versions/6401#version-0.5.9.2
Subject: Wikipedia Toolbar Cross-Context Scripting Vulnerability