seebug / Root / SSV:2744
Jan 01, 2008 - 12:00 a.m.

FireGPG PGP Key Issuer Name HTML Injection Vulnerability

FireGPG is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content.

Attacker-supplied HTML or JavaScript code could run in the context of the website that the application is triggered from, potentially allowing an attacker to steal cookie-based authentication credentials and to control how the site is rendered to the user; other attacks are also possible.

This issue affects FireGPG 0.4.6; prior versions may also be affected.
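
The sanitization failure described above, as an added example that is not FireGPG's code and not part of the original advisory: a key's issuer name is rendered into generated HTML once by plain concatenation and once with output encoding. It assumes the name is read from GnuPG status lines of the form "[GNUPG:] GOODSIG <keyid> <user id>"; the function names and the sample key are constructed for illustration.

```javascript
'use strict';
// Added example, not FireGPG's code. Assumption: the signer name comes from
// GnuPG status lines of the form "[GNUPG:] GOODSIG <keyid> <user id>".

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode the five characters that can change HTML structure.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Return { status, keyId, userId } for the first signature line, or null.
function parseSigner(statusOutput) {
  for (const line of statusOutput.split(/\r?\n/)) {
    const m = /^\[GNUPG:\] (GOODSIG|BADSIG) ([0-9A-Fa-f]+) (.*)$/.exec(line);
    if (m) return { status: m[1], keyId: m[2], userId: m[3] };
  }
  return null;
}

// The flaw class the advisory describes: key-supplied text becomes markup.
function renderUnsafe(sig) {
  return '<div class="sig">Signed by ' + sig.userId + ' [' + sig.keyId + ']</div>';
}

// Hardened: every key-derived field is encoded before it reaches the page.
// With a DOM available, assigning the raw string to textContent does the same.
function renderSafe(sig) {
  return '<div class="sig">Signed by ' + escapeHtml(sig.userId) +
         ' [' + escapeHtml(sig.keyId) + ']</div>';
}

// Constructed sample: the key owner chose a user ID that carries markup.
const SAMPLE_STATUS = [
  '[GNUPG:] NEWSIG',
  '[GNUPG:] GOODSIG 0123456789ABCDEF Mallory <b title="x">site admin</b> <mallory@example.test>',
].join('\n');

const sampleSig = parseSigner(SAMPLE_STATUS);
console.log(renderUnsafe(sampleSig));
console.log(renderSafe(sampleSig));
```

Even a benign user ID is mangled by the unsafe form, because the browser treats the angle-bracketed e-mail address as an unknown tag; the encoded form displays it verbatim.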

Sun StarSuite 8
Sun StarOffice 8.0
S.u.S.E. SUSE Linux Enterprise Desktop 10 SP1
S.u.S.E. SLE SDK 10.SP1
S.u.S.E. openSUSE 10.3
S.u.S.E. openSUSE 10.2
S.u.S.E. Linux 10.1 x86-64
S.u.S.E. Linux 10.1 x86
S.u.S.E. Linux 10.1 ppc
S.u.S.E. Linux 10.0 x86-64
S.u.S.E. Linux 10.0 x86
S.u.S.E. Linux 10.0 ppc
RedHat Fedora 8 0
RedHat Fedora 7 0
RedHat Fedora Core6
RedHat Enterprise Linux Optional Productivity Application v.5 server
RedHat Enterprise Linux Desktop v.5 client
RedHat Enterprise Linux WS 4
RedHat Enterprise Linux ES 4
RedHat Enterprise Linux AS 4
RedHat Desktop 4.0
OpenOffice OpenOffice 2.3
OpenOffice OpenOffice 2.2.1
OpenOffice OpenOffice 2.0.4
OpenOffice OpenOffice 2.0.3 -1
OpenOffice OpenOffice 2.0.3
OpenOffice OpenOffice 2.0.2
OpenOffice OpenOffice 2.0.1
OpenOffice OpenOffice 2.0 Beta
OpenOffice OpenOffice 2.2
OpenOffice OpenOffice 2.1
HSQLDB hsqldb 1.8 7
Gentoo Linux
Debian Linux 4.0 sparc
Debian Linux 4.0 s/390
Debian Linux 4.0 powerpc
Debian Linux 4.0 mipsel
Debian Linux 4.0 mips
Debian Linux 4.0 m68k
Debian Linux 4.0 ia-64
Debian Linux 4.0 ia-32
Debian Linux 4.0 hppa
Debian Linux 4.0 arm
Debian Linux 4.0 amd64
Debian Linux 4.0 alpha
Debian Linux 4.0

The vendor released version 0.4.7 to address this issue. Please see the references for more information.

http://firegpg.tuxfamily.org/stable/firegpg.xpi