Mozilla Firefox "Web Features" Remote Code Execution Vulnerability
Wow, it seems to be the day for Mozilla/Firefox vulnerabilities.
FrSIRT reports yet another:
FrSIRT Advisory : FrSIRT/ADV-2005-0493
CVE Reference : GENERIC-MAP-NOMATCH
Rated as : Critical
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2005-05-07
* Technical Description *
A critical vulnerability was identified in Mozilla Firefox, which may be exploited by remote attackers to execute arbitrary commands. This flaw is due to an input validation error when processing a specially crafted "src" parameter of an "IFRAME" tag referencing a Firefox extension add-on, which may be exploited via a malicious web page or email to inject arbitrary JavaScript code in the "chrome" and compromise a vulnerable system.
* Affected Products *
Mozilla Firefox version 1.0.3 and prior
* Solution *
- Disable JavaScript, or disable the "Allow web sites to install software" option [Tools - Options - Web Features].
The FrSIRT is not aware of any official supplied patch for this issue.
* References *
http://www.frsirt.com/english/advisories/2005/0493
http://www.frsirt.com/exploits/20050507.firefox0day.php
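To confirm that one of the two workarounds from the Solution section is actually in effect on a profile, the following added example (not part of the FrSIRT advisory or of Mozilla's code) reads the text of a Firefox `prefs.js`/`user.js` file and reports the effective settings. It assumes that `javascript.enabled` and `xpinstall.enabled` are the preference keys behind the JavaScript and "Allow web sites to install software" options and that both default to true; the sample profile contents are constructed.

```python
import re

# Preference keys assumed to back the two options named in the advisory;
# both are assumed to default to true when absent from the profile's prefs file.
DEFAULTS = {"javascript.enabled": True, "xpinstall.enabled": True}

# Matches active boolean prefs only; lines commented out with // do not match.
PREF_RE = re.compile(
    r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(true|false)\s*\)\s*;', re.MULTILINE
)

def effective_prefs(prefs_text):
    """Return the effective value of each watched boolean preference."""
    values = dict(DEFAULTS)
    for name, raw in PREF_RE.findall(prefs_text):
        if name in values:
            values[name] = (raw == "true")  # later lines override earlier ones
    return values

def workaround_applied(prefs_text):
    """True if either workaround listed in the advisory is in effect."""
    values = effective_prefs(prefs_text)
    return not values["javascript.enabled"] or not values["xpinstall.enabled"]

# Constructed sample profiles (not taken from a real system).
SAMPLE_UNMITIGATED = '''# Mozilla User Preferences
user_pref("browser.startup.homepage", "about:blank");
user_pref("javascript.enabled", true);
// user_pref("xpinstall.enabled", false);
'''
SAMPLE_MITIGATED = '''# Mozilla User Preferences
user_pref("browser.startup.homepage", "about:blank");
user_pref("xpinstall.enabled", false);
'''

if __name__ == "__main__":
    for label, text in (("unmitigated", SAMPLE_UNMITIGATED),
                        ("mitigated", SAMPLE_MITIGATED)):
        print(label, effective_prefs(text),
              "workaround applied:", workaround_applied(text))
```

A profile that sets neither preference is reported as unmitigated, because the assumed defaults leave both features enabled.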