Mozilla Firefox Javascript navigator Object Vulnerability

2006-07-26T00:00:00
ID ZDI-06-025
Type zdi
Reporter Anonymous
Modified 2006-06-22T00:00:00

Description

This vulnerability allows attackers to execute arbitrary code on vulnerable installations of the Mozilla Firefox web browser. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The flaw exists when assigning specific values to the window.navigator object. A lack of checking on assignment causes user supplied data to be later used in the creation of other objects leading to eventual code execution.