Mozilla Browsers XPInstall Security Dialog Arbitrary Extension Installation

2004-08-03T00:00:00
ID OSVDB:8309
Type osvdb
Reporter Jesse Ruderman()
Modified 2004-08-03T00:00:00

Description

Vulnerability Description

An attackers website can inject arbitrary Mozilla extensions by tricking the user into interactively accepting security dialog boxes without seeing the dialog box.

Solution Description

The recommended solution is to upgrade to a more current version of Firefox, Mozilla or Thunderbird.

Short Description

An attackers website can inject arbitrary Mozilla extensions by tricking the user into interactively accepting security dialog boxes without seeing the dialog box.

References:

Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Secunia Advisory ID:11999 Secunia Advisory ID:15432 Secunia Advisory ID:17645 Secunia Advisory ID:12234 Secunia Advisory ID:12283 Secunia Advisory ID:10856 Secunia Advisory ID:11978 Secunia Advisory ID:12747 RedHat RHSA: RHSA-2004:421-17 Other Advisory URL: http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:082 Other Advisory URL: http://www.suse.de/de/security/2004_36_mozilla.html Other Advisory URL: ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.25/SCOSA-2005.25.txt Keyword: SCOSA-2005.49 CVE-2004-0762