|
|
| |
|
| |
Mozilla Firefox, Mozilla Suite: multiple vulnerabilities
| Package(s): | mozilla |
CVE #(s): | CAN-2005-0989
|
| Created: | April 19, 2005 |
Updated: | July 18, 2005 |
| Description: |
The following vulnerabilities were found and fixed in the Mozilla Suite
and Mozilla Firefox:
- Vladimir V. Perepelitsa reported a memory disclosure bug in
JavaScript's regular expression string replacement when using an
anonymous function as the replacement argument (CAN-2005-0989).
- moz_bug_r_a4 discovered that Chrome UI code was overly trusting DOM
nodes from the content window, allowing privilege escalation via DOM
property overrides.
- Michael Krax reported a possibility to run JavaScript code with
elevated privileges through the use of javascript: favicons.
- Michael Krax also discovered that malicious Search plugins could
run JavaScript in the context of the displayed page or stealthily
replace existing search plugins.
- shutdown discovered a technique to pollute the global scope of a
window in a way that persists from page to page.
- Doron Rosenberg discovered a possibility to run JavaScript with
elevated privileges when the user asks to "Show" a blocked popup that
contains a JavaScript URL.
- Finally, Georgi Guninski reported missing Install object instance
checks in the native implementations of XPInstall-related JavaScript
objects.
The following Firefox-specific vulnerabilities have also been
discovered:
- Kohei Yoshino discovered a new way to abuse the sidebar panel to
execute JavaScript with elevated privileges.
- Omar Khan reported that the Plugin Finder Service can be tricked to
open javascript: URLs with elevated privileges.
|
| Alerts: |
|
( Log in to post comments)
|
|
|