Mozilla Firefox Firebug Extension console.log() function security bypass
| firefox-firebug-console-security-bypass (33451) |  Medium Risk |
Description:
The Mozilla Firefox Firebug Extension could allow a remote attacker to bypass cross-domain security restrictions and execute arbitrary script on a victim's system, caused by the improper validation of user supplied input passed to the console.log() function. A remote attacker could exploit this vulnerability to execute code in the "chrome:" context, if the attacker could persuade the victim to visit the malicious site.
*CVSS:
| Base Score: | 5.6 |
| Access Vector: | Remote |
| Access Complexity: | High |
| Authentication: | Not Required |
| Confidentiality Impact: | Partial |
| Integrity Impact: | Partial |
| Availability Impact: | Partial |
| Temporal Score: | 4.1 |
| Exploitability: | Unproven |
| Remediation Level: | Official-Fix |
| Report Confidence: | Confirmed |
Consequences:
Bypass Security
Remedy:
Upgrade to the latest version of Mozilla Firefox Firebug Extension (1.02 or later), available from the Mozilla Web site. See References.
References:
- BugTraq Mailing List, Wed Apr 04 2007 - 14:23:41 CDT: Firefox extensions go Evil - Critical Vulnerabilities in Firefox/Firebug.
- Mozilla Web site: Firebug Version History :: Firefox Add-ons.
- BID-23315: FireBug Cross Zone Scripting Vulnerability
- CVE-2007-1878: Cross-zone scripting vulnerability in the DOM templates (domplates) used by the console.log function in the Firebug extension before 1.03 for Mozilla Firefox allows remote attackers to bypass zone restrictions, read arbitrary file:// URIs, or execute arbitrary code in the browser chrome, as demonstrated via the runFile function, related to lack of HTML escaping in the property name.
- SA24743: Mozilla Firefox Firebug Extension Two Cross-Context Scripting Vulnerabilities
- VUPEN/ADV-2007-1272: Firebug Extension for Firefox console.log and toString Remote Code Execution Vulnerability
Platforms Affected:
- Parakey Firebug 1.01
- Parakey Firebug 1.02
Reported:
Apr 04, 2007
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net
* According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall IBM be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.