Mozilla Firefox Chrome Cross-Domain Security Bypass Vulnerability
BID:26283
Info
Mozilla Firefox Chrome Cross-Domain Security Bypass Vulnerability
| Bugtraq ID: | 26283 |
| Class: | Access Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Oct 31 2007 12:00AM |
| Updated: | Nov 01 2007 05:06PM |
| Credit: | The Hacker Webzine is credited with the discovery of this vulnerability. |
| Vulnerable: |
Mozilla Firefox 2.0 .8 |
| Not Vulnerable: | |
Discussion
Mozilla Firefox Chrome Cross-Domain Security Bypass Vulnerability
Mozilla Firefox is prone to a vulnerability that permits an attacker to execute script code in arbitrary domains. This issue stems from an access validation in the affected application.
Remote attackers may exploit this issue to bypass the chrome security restrictions and then steal credentials, run arbitrary code, or launch other attacks.
This issue affects Mozilla Firefox 2.0.0.8; other versions may also be affected.
Mozilla Firefox is prone to a vulnerability that permits an attacker to execute script code in arbitrary domains. This issue stems from an access validation in the affected application.
Remote attackers may exploit this issue to bypass the chrome security restrictions and then steal credentials, run arbitrary code, or launch other attacks.
This issue affects Mozilla Firefox 2.0.0.8; other versions may also be affected.
Exploit / POC
Mozilla Firefox Chrome Cross-Domain Security Bypass Vulnerability
An attacker could exploit this issue by enticing an unsuspecting user to view a malicious HTML page.
The following exploit code is available:
An attacker could exploit this issue by enticing an unsuspecting user to view a malicious HTML page.
The following exploit code is available:
Solution / Fix
Mozilla Firefox Chrome Cross-Domain Security Bypass Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
References
Mozilla Firefox Chrome Cross-Domain Security Bypass Vulnerability
References:
References:
- Scriptable Chrome Access: The Haunted Browser Pt.II (The Hacker Webzine)
- Cisco NX-OS Software TACACS+ Command Authorization Vulnerability (Cisco)