FireBug Cross Zone Scripting Vulnerability
BID:23315
Info
| Bugtraq ID: | 23315 |
| Class: | Access Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 04 2007 12:00AM |
| Updated: | Apr 05 2007 07:52PM |
| Credit: | Petko D. Petkov is credited with the discovery of this vulnerability. |
| Vulnerable: | Parakey Inc. Firebug 1.02, Parakey Inc. Firebug 1.01 |
| Not Vulnerable: | Parakey Inc. Firebug 1.03 |
Discussion
FireBug is prone to a cross-zone scripting vulnerability because the application fails to execute code in the proper security context.
Successfully exploiting this issue would allow an attacker to execute arbitrary code within the context of the affected browser.
This issue affects versions prior to 1.03.
Exploit / POC
An attacker can exploit this issue by enticing an unsuspecting user to view a malicious page.
The following links provide a proof-of-concept that demonstrates this issue:
http://www.gnucitizen.org/projects/firebug-goes-evil/poc.htm
http://www.gnucitizen.org/projects/firebug-goes-evil/poc2.htm
Solution / Fix
Solution:
The vendor released an update to address this issue. Please see the references for more information.
References
References:
- Firebug Goes Evil (GNUCITIZEN)
- Firebug Homepage (Joe Hewitt)
- Firefox extensions go Evil - Critical Vulnerabilities in Firefox/Firebug ([email protected])