Firebug Rep.JS Script Code Injection Vulnerability
BID:23349
Info
Firebug Rep.JS Script Code Injection Vulnerability
| Bugtraq ID: | 23349 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 06 2007 12:00AM |
| Updated: | Apr 09 2007 09:12PM |
| Credit: | Thor Larholm is credited with the discovery of this issue. |
| Vulnerable: |
Firebug Firebug 1.03 |
| Not Vulnerable: |
Firebug Firebug 1.04 |
Discussion
Firebug Rep.JS Script Code Injection Vulnerability
Firebug is prone to a script-code-injection vulnerability because it fails to adequately escape user-supplied data.
An attacker can exploit this issue to execute arbitrary script code in the context of the application.
Versions prior to 1.04 are vulnerable.
Firebug is prone to a script-code-injection vulnerability because it fails to adequately escape user-supplied data.
An attacker can exploit this issue to execute arbitrary script code in the context of the application.
Versions prior to 1.04 are vulnerable.
Exploit / POC
Firebug Rep.JS Script Code Injection Vulnerability
The following proof-of-concept file is available.
The following proof-of-concept file is available.
Solution / Fix
Firebug Rep.JS Script Code Injection Vulnerability
Solution:
The vendor has released version 1.04 to address this issue. Please see the references for more information.
Firebug Firebug 1.03
Solution:
The vendor has released version 1.04 to address this issue. Please see the references for more information.
Firebug Firebug 1.03
-
Firebug firebug-1.04-fx+fl.xpi
https://addons.mozilla.org/en-US/firefox/downloads/file/14570/firebug- 1.04-fx+fl.xpi
References
Firebug Rep.JS Script Code Injection Vulnerability
References:
References:
- Firebug Homepage (Joe Hewitt)
- Re: Firefox extensions go Evil - Critical Vulnerabilities in Firefox/Firebug (Thor Larholm)