Mozilla Foundation Security Advisory 2008-39

Type securityvulns
Reporter Securityvulns
Modified 2008-09-29T00:00:00


Title: Privilege escalation using feed preview page and XSS flaw
Impact: Critical
Announced: September 23, 2008
Reporter: moz_bug_r_a4
Products: Firefox

Fixed in: Firefox

Description

Mozilla security researcher moz_bug_r_a4 reported a series of vulnerabilities in feedWriter which allow scripts from page content to run with chrome privileges.

Firefox 3 is not affected by this issue.

Workaround

Disable JavaScript until a version containing these fixes can be installed.

References

* CVE-2008-3836