
Mozilla Foundation Security Advisory 2006-72

Title: XSS by setting img.src to javascript: URI
Impact: High
Announced: December 19, 2006
Reporter: moz_bug_r_a4
Products: Firefox, Thunderbird, SeaMonkey

Fixed in:
Firefox 2.0.0.1
Firefox 1.5.0.9
Thunderbird 1.5.0.9
SeaMonkey 1.0.7

Description

moz_bug_r_a4 reported that the src attribute of an IMG element loaded in a frame could be changed to a javascript: URI that was able to bypass the protections against cross-site script (XSS) injection. The injected script could steal credentials and financial data, or perform destructive actions on behalf of a logged-in user.

Workaround

Disable JavaScript until you can upgrade to a fixed version.

References

Exploit details withheld until after the active update period.
https://bugzilla.mozilla.org/show_bug.cgi?id=351370
CVE-2006-6503

