CERT-MU :Vulnerability

Home | Search | FAQ | Site Map | Contact Us

|| Hotline : 800 2378 || To contact CERT-MU send e-mail on --> info[at]cert-mu.gov.mu || To report incident e-mail on --> incident[at]cert-mu.gov.mu || To report Vulnerabilities send e-mail on --> Vulnerability[at]cert-mu.gov.mu ||

Charter & Mission

CERT-MU Services

Constituency

Authority

Incident Reporting

Vulnerability Reporting

Incident Statistics Forms

Vol. 2, Feb 2012

Vol. 1, Oct 2011

World CERTs

Security Sites

Security Tools

Antivirus Resources

Email Abuse

Network Abuse

Anti-Spam Initiative

Cyber Security Portal

Safer Internet Day

Computer Security Day

National Computer Board

Authorized to use CERT(TM) - CERT is a mark owned by Carnegie Mellon University

CERT-MU Vulnerability Note VN-2009-32

Mozilla Firefox infoRSS Extension Cross-Context Scripting Vulnerability

Original Issue Date: November 30, 2009

Severity Rating: High

Affected Softwares

infoRSS 1.x (extension for Firefox)

Overview

A vulnerability has been reported in the infoRSS extension for Firefox, which could allow a remote attacker to execute arbitrary code to compromise a user's system.

Description

This vulnerability is caused due to improper sanitisation of user input passed via RSS feeds before being used to render content in the infoRSS extension for Firefox. A remote attacker could exploit this vulnerability by tricking a user to subscribe to a specially crafted RSS feed. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary script code within the "chrome:" context and execute arbitrary commands on a user's system.

Solution

http://www.mozilla.com/firefox/.

Vendor Information

Mozilla
https://addons.mozilla.org/en-S/firefox/addons/versions/361#version-1.2.0

References

Secunia
http://secunia.com/advisories/37467/

Juniper Networks
http://www.juniper.net/security/auto/vulnerabilities/vuln37091.html

Disclaimer

The information provided herein is on "as is" basis, without warranty of any kind.