Mozilla Firefox 'chrome' Document Unspecified Script Injection Weakness
BID:30244
Info
Mozilla Firefox 'chrome' Document Unspecified Script Injection Weakness
| Bugtraq ID: | 30244 |
| Class: | Input Validation Error |
| CVE: |
CVE-2008-3198 |
| Remote: | Yes |
| Local: | No |
| Published: | Jul 15 2008 12:00AM |
| Updated: | May 07 2015 05:27PM |
| Credit: | Ben Turner and Dan Veditz |
| Vulnerable: |
Mozilla Firefox 3.0 |
| Not Vulnerable: | |
Discussion
Mozilla Firefox 'chrome' Document Unspecified Script Injection Weakness
Mozilla Firefox is prone to an unspecified script-injection weakness.
An attacker can exploit this issue to inject arbitrary script code into an unspecified XUL-based error page. This may allow for spoofing attacks.
Exploiting this issue, when combined with another vulnerability such as the one described in BID 30242, may also allow arbitrary code to run within the context of the affected application.
This issue affects Firefox 3.0.
Mozilla Firefox is prone to an unspecified script-injection weakness.
An attacker can exploit this issue to inject arbitrary script code into an unspecified XUL-based error page. This may allow for spoofing attacks.
Exploiting this issue, when combined with another vulnerability such as the one described in BID 30242, may also allow arbitrary code to run within the context of the affected application.
This issue affects Firefox 3.0.
Exploit / POC
Mozilla Firefox 'chrome' Document Unspecified Script Injection Weakness
Attackers will likely use standard tools combined with another vulnerability to exploit this issue.
Attackers will likely use standard tools combined with another vulnerability to exploit this issue.
Solution / Fix
Mozilla Firefox 'chrome' Document Unspecified Script Injection Weakness
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
NOTE: This issue may be fixed in Firefox 3.0.1, but Symantec was unable to confirm this.
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
NOTE: This issue may be fixed in Firefox 3.0.1, but Symantec was unable to confirm this.
References
Mozilla Firefox 'chrome' Document Unspecified Script Injection Weakness
References:
References:
- Vendor Homepage (Mozilla Foundation)
- MFSA 2008-35 - Mozilla Foundation Security Advisory 2008-35 (Mozilla Foundation)