Mozilla Foundation Security Advisory 2008-39

2008-09-29T00:00:00
ID SECURITYVULNS:DOC:20583
Type securityvulns
Reporter Securityvulns
Modified 2008-09-29T00:00:00

Description

Title: Privilege escalation using feed preview page and XSS flaw
Impact: Critical
Announced: September 23, 2008
Reporter: moz_bug_r_a4
Products: Firefox

Fixed in: Firefox 2.0.0.17

Description

Mozilla security researcher moz_bug_r_a4 reported a series of vulnerabilities in feedWriter which allow scripts from page content to run with chrome privileges.

Firefox 3 is not affected by this issue.

Workaround

Disable JavaScript until a version containing these fixes can be installed.

References

* https://bugzilla.mozilla.org/show_bug.cgi?id=360529
* https://bugzilla.mozilla.org/show_bug.cgi?id=430658
* CVE-2008-3836