Thread-topic: [SA26288] Mozilla Products Addon Chrome-Loaded "about:blank" Cross-Context Scripting
>
> TITLE:
> Mozilla Products Addon Chrome-Loaded "about:blank" Cross-Context
> Scripting
>
> SECUNIA ADVISORY ID:
> SA26288
>
> VERIFY ADVISORY:
>
>
> CRITICAL:
> Moderately critical
>
> IMPACT:
> Cross Site Scripting, System access
>
> WHERE:
> From remote
>
> REVISION:
> 1.1 originally posted 2007-07-31
>
> SOFTWARE:
> Mozilla Firefox 2.0.x
>
> Mozilla SeaMonkey 1.1.x
>
> Mozilla Thunderbird 2.x
>
>
> DESCRIPTION:
> A vulnerability has been reported in Mozilla products, which
> potentially can be exploited by malicious people to compromise a
> user's system.
>
> The vulnerability is caused due to an error within the handling of
> "about:blank" pages loaded by chrome in an addon. This can be
> exploited to execute script code under chrome privileges by e.g.
> clicking on a link opened in an "about:blank" window created and
> populated in a certain ways by an addon.
>
> Successful exploitation requires that certain addons are installed.
>
> The vulnerability is reported in the following products and
> versions:
> * Firefox 2.0.0.5
> * Thunderbird 2.0.0.5
> * SeaMonkey 1.1.3
>
> SOLUTION:
> Update to the latest versions:
>
> Firefox:
> Update to version 2.0.0.6.
>
>
> Thunderbird:
> Fixed in the upcoming version 2.0.0.6.
>
>
> SeaMonkey:
> Fixed in the upcoming version 1.1.4.
>
>
> NOTE: With version 2.0.0.6, changes that prevent exploitation of a
> URI handling vulnerability in Microsoft Windows were applied to
> Firefox and Thunderbird.
>
> For more information:
> SA26201
>
> PROVIDED AND/OR DISCOVERED BY:
> moz_bug_r_a4
>
> CHANGELOG:
> 2007-07-31: Updated "Description". Added link to vendor advisory.
>
> ORIGINAL ADVISORY:
>
>
>
>
> OTHER REFERENCES:
> SA26201:
>
>
