Security-Alerts mailing list archive (security-alerts@yandex-team.ru)


[security-alerts] FW: Firefox extensions go Evil - Critical Vulnerabilities in Firefox/Firebug



> -----Original Message-----
> From: full-disclosure-bounces@xxxxxxxxxxxxxxxxx [mailto:full-disclosure-bounces@xxxxxxxxxxxxxxxxx] On Behalf Of Daniel Veditz
> Sent: Thursday, April 05, 2007 3:54 AM
> To: pdp (architect)
> Cc: webappsec @OWASP; full-disclosure@xxxxxxxxxxxxxxxxx; bugtraq@xxxxxxxxxxxxxxxxx; WASC Forum
> Subject: Re: [Full-disclosure] [WEB SECURITY] Firefox extensions go Evil - Critical Vulnerabilities in Firefox/Firebug
> 
> pdp (architect) wrote:
> > http://www.gnucitizen.org/blog/firebug-goes-evil
> > 
> > There is a critical vulnerability in Firefox/Firebug which allows
> > attackers to inject code inside the browser chrome.
> 
> Good find.
> 
> > I recommend disabling Firebug for now until the issue is fixed.
> 
> Firebug 1.03 is now available and fixes this vulnerability.
> https://addons.mozilla.org/en-US/firefox/addon/1843
> 
> Firebug is disabled by default and is probably best left that way. It can
> be easily enabled per-site when you're actively developing or hacking.
> 
> -Dan Veditz



 



