Mozilla Foundation Security Advisory 2008-39
Title: Privilege escalation using feed preview page and XSS flaw
Impact: Critical
Announced: September 23, 2008
Reporter: moz_bug_r_a4
Products: Firefox
Fixed in: Firefox 2.0.0.17
Description
Mozilla security researcher moz_bug_r_a4 reported a series of vulnerabilities in feedWriter which allow scripts from page content to run with chrome privileges.
Firefox 3 is not affected by this issue
Workaround
Disable JavaScript until a version containing these fixes can be installed.
References
* https://bugzilla.mozilla.org/show_bug.cgi?id=360529
* https://bugzilla.mozilla.org/show_bug.cgi?id=430658
* CVE-2008-3836