Mouseover Dictionary Unspecified Arbitrary Script Code Execution Vulnerability

Bugtraq ID:	26053
Class:	Input Validation Error
CVE:	CVE-2007-5459
Remote:	Yes
Local:	No
Published:	Oct 12 2007 12:00AM
Updated:	May 07 2015 05:34PM
Credit:	JVN is credited with the discovery of this vulnerability.
Vulnerable:	Mouseover Dictionary Mouseover Dictionary 0.6.1 Mouseover Dictionary Mouseover Dictionary 0.6
Not Vulnerable:	Mouseover Dictionary Mouseover Dictionary 0.6.2

Mouseover Dictionary Unspecified Arbitrary Script Code Execution Vulnerability

Mouseover Dictionary is prone to an unspecified vulnerability that lets attackers run arbitrary script code.

Attackers can exploit this issue to execute arbitrary HTML and script code in the context of the user running the affected application.

Versions prior to Mouseover Dictionary 0.6.2 are vulnerable.

Mouseover Dictionary Unspecified Arbitrary Script Code Execution Vulnerability

Currently we are not aware of any working exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Mouseover Dictionary Unspecified Arbitrary Script Code Execution Vulnerability

Solution:
The vendor has released an updated version that addresses this vulnerability. Please see the references for more information.


Mouseover Dictionary Mouseover Dictionary 0.6

• Mouseover Dictionary mouseoverdictionary-0.6.2.xpi
  http://maru.bonyari.jp/mouseoverdictionary/releases/mouseoverdictionar y-0.6.2.xpi

Mouseover Dictionary Mouseover Dictionary 0.6.1

• Mouseover Dictionary mouseoverdictionary-0.6.2.xpi
  http://maru.bonyari.jp/mouseoverdictionary/releases/mouseoverdictionar y-0.6.2.xpi

Mouseover Dictionary Unspecified Arbitrary Script Code Execution Vulnerability

References:

• Mouseover Dictionary Changelog (Mouseover Dictionary)
  
• Mouseover Dictionary Homepage (Mouseover Dictionary)
  
• JVN#63304072 (JVN)