|
|
CVE Reference: CVE-2007-1878 |
|
| NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE. | |
|
Original Page at CVE MITRE: CVE-2007-1878 |
|
|
Description: Cross-zone scripting vulnerability in the DOM templates (domplates) used by the console.log function in the Firebug extension before 1.03 for Mozilla Firefox allows remote attackers to bypass zone restrictions, read arbitrary file:// URIs, or execute arbitrary code in the browser chrome, as demonstrated via the runFile function, related to lack of HTML escaping in the property name. |
|
|
CVE Status: Candidate |
|
|
References: XF http://xforce.iss.net/xforce/xfdb/33451 SREASON http://securityreason.com/securityalert/2525 SAID Secunia Advisory: SA24743 MISC http://larholm.com/2007/04/06/0day-vulnerability-in-firebug/ http://www.gnucitizen.org/blog/firebug-goes-evil CONFIRM http://www.getfirebug.com/blog/2007/04/04/security-update/ BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/464786/100/0/threaded http://www.securityfocus.com/archive/1/archive/1/464740/100/0/threaded BID 23315 |
|
| Return to the previous page. |
