Thread-topic: Firefox extensions go Evil - Critical Vulnerabilities in Firefox/Firebug
> -----Original Message-----
> From: full-disclosure-bounces@xxxxxxxxxxxxxxxxx
> [mailto:full-disclosure-bounces@xxxxxxxxxxxxxxxxx] On Behalf
> Of Daniel Veditz
> Sent: Thursday, April 05, 2007 3:54 AM
> To: pdp (architect)
> Cc: webappsec @OWASP; full-disclosure@xxxxxxxxxxxxxxxxx;
> bugtraq@xxxxxxxxxxxxxxxxx; WASC Forum
> Subject: Re: [Full-disclosure] [WEB SECURITY] Firefox
> extensions go Evil - Critical Vulnerabilities in Firefox/Firebug
> pdp (architect) wrote:
> > http://www.gnucitizen.org/blog/firebug-goes-evil
> > There is critical vulnerability in Firefox/Firebug which allows
> > attackers to inject code inside the browser chrome.
> Good find.
> > I recommend to disable Firebug for now until the issue is fixed.
> Firebug 1.03 is now available and fixes this vulnerability.
> Firebug is disabled by default and is probably best left that
> way. It can
> be easily enabled per-site when you're actively developing or hacking.
> -Dan Veditz
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/