|
 |
| SecurityReason | ||
| WLB | ||
| Services | ||
| RSS | ||
| Corporate | ||
| Note | ||
If you have found a vulnerability, please send to our SecurityAlert Database : |
||
Home  SecurityAlert Database |
||||
SecurityAlert : 2525 CVE : CVE-2007-1878 SecurityRisk : High  (About) Remote Exploit : No Local Exploit : Yes Exploit Available : No Credit : pdp Published : 09.04.2007
Advisory Content : http://www.gnucitizen.org/blog/firebug-goes-evil There is critical vulnerability in Firefox/Firebug which allows attackers to inject code inside the browser chrome. This can lead to a lot of problems. Theoretically everything is possible, from modifying the user file system to launching processes, installing ROOTKITs, you name it. I recommend to disable Firebug for now until the issue is fixed. The issues is a bit critical since Firebug is one of the most popular extensions for Firefox. Given the fact that a lot of the Firefox users are geeks, the chances to have Firebug installed in a random Firefox client are quite high. I wrote two POC to demonstrate the issue. You can find them from the page on the top of this message. The first POC runs calc.exe and cmd.exe on windows systems. The second POC does a count down from 10 to 0 and executes calc.exe to prove that automatic execution is possible. -- pdp (architect) | petko d. petkov http://www.gnucitizen.org  Feedback : If you have additional information or notice any errors regarding this security advisory, please use contact form or email us at info()securityreason()com. |
||||
| Alert | ||
libc:fts_*() Multiple Denial of Service
The fts functions are provided for traversing UNIX file hierarchies... |
||
| Apache |  |
|
» Apache Tomcat 6.0.20 and |
||
» Apache Tomcat 6.0.20 and |
||
» Apache Tomcat 6.0.20 and |
||
| PHP | |
|
» PHP 5.2.12/5.3.1 |
||
- 2009-10-02| Copyright © SecurityReason.com. All Rights Reserved. |