Two vulnerabilities have been discovered in Firefox. An attacker can exploit these vulnerabilities to conduct cross-site scripting attacks and execute arbitrary code on a compromised computer.

The first vulnerability is that "IFRAME" JavaScript URLs are not properly protected from being executed in the context of another URL in the history list. This vulnerability can allow an attacker to execute arbitrary HTML and script code in a user's browser session in the context of an arbitrary site.

The second vulnerability is that input passed to the "IconURL" parameter in "InstallTrigger.install()" is not properly verified before being used. This vulnerability can allow an attacker to execute arbitrary JavaScript code with escalated privileges via a specially crafted JavaScript URL.

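
The kind of check the second vulnerability lacks, as an added defensive illustration that is not Firefox code and not part of the original advisory: parse a caller-supplied icon URL and accept it only if its scheme is on an allowlist. The names ALLOWED_SCHEMES, isSafeIconUrl and filterIconUrls, and the example.test URLs, are assumptions.

```javascript
// Added illustration, not Firefox code: scheme allowlist for an icon URL.
// ALLOWED_SCHEMES, isSafeIconUrl and filterIconUrls are hypothetical names.
const ALLOWED_SCHEMES = new Set(["http:", "https:"]);

function isSafeIconUrl(iconUrl, pageUrl) {
  if (typeof iconUrl !== "string") return false;
  let parsed;
  try {
    // Parse first, then decide. The WHATWG URL parser strips surrounding
    // whitespace, removes embedded tabs and newlines, and lowercases the
    // scheme, so the check sees the same scheme a URL loader would.
    // A plain startsWith("javascript:") test misses those variants.
    parsed = new URL(iconUrl, pageUrl);
  } catch (err) {
    return false; // unparsable input is rejected, never passed through
  }
  return ALLOWED_SCHEMES.has(parsed.protocol);
}

// Constructed sample inputs (example.test is a placeholder host).
const PAGE = "https://example.test/addons/index.html";
const SAMPLES = [
  "https://example.test/icons/ext.png", // absolute, allowed
  "icons/ext.png",                      // relative, resolves to https
  "//cdn.example.test/ext.png",         // scheme-relative, resolves to https
  "javascript:void(0)",                 // script URL, rejected
  "JaVaScRiPt:void(0)",                 // mixed case, rejected
  "  javascript:void(0)",               // leading whitespace, rejected
  "java\tscript:void(0)",               // embedded tab, rejected
  "data:image/png;base64,AAAA",         // not on the allowlist, rejected
];

// Keep only the URLs that pass the allowlist check.
function filterIconUrls(urls, pageUrl) {
  return urls.filter((u) => isSafeIconUrl(u, pageUrl));
}

console.log(filterIconUrls(SAMPLES, PAGE));
```
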
BroadWeb Security Service Team (BSST) has released the countermeasure signatures in signature version 2.89, which includes:

# 1051916_EXPLOIT Mozilla Firefox 1.0.3 Remote Arbitrary Code Execution

NetKeeper users are urged to upgrade their signature patterns to version 2.89 or later in order to thwart these attacks.

(BSST, Broadweb Security Service Team)