- TalkBack 4 of 10:
- Next »
- « Previous
- Thread View
- Flat View
- Firefox extensions go Evil - Critical Vulnerabilities
-
Firefox extensions go Evil - Critical Vulnerabilities
www.gnucitizen.org/blog/firebug-goes-evil
There is critical vulnerability in Firefox/Firebug which allows
attackers to inject code inside the browser chrome. This can lead to a
lot of problems. Theoretically everything is possible, from modifying
the user file system to launching processes, installing ROOTKITs, you
name it.
I recommend to disable Firebug for now until the issue is fixed. The
issues is a bit critical since Firebug is one of the most popular
extensions for Firefox. Given the fact that a lot of the Firefox users
are geeks, the chances to have Firebug installed in a random Firefox
client are quite high.
I wrote two POC to demonstrate the issue. You can find them from the
page on the top of this message. The first POC runs calc.exe and
cmd.exe on windows systems. The second POC does a count down from 10
to 0 and executes calc.exe to prove that automatic execution is
possible. - Posted by: qmlscycrajg Posted on: 04/05/07 You are currently: a Guest | Members login | Terms of Use
The patch doesn't work for me
galileon | 04/05/07
|
 
Firefox users are at a higher risk than IE 7 users.
qmlscycrajg | 04/05/07
|
how d'ya figure
galileon | 04/05/07
|
|
Firefox extensions go Evil - Critical Vulnerabilities
qmlscycrajg | 04/05/07
|
|
Fixed the day after
gotitright | 04/09/07
|
|
Firefox, stick with keeping your browser on point
Boot_Agnostic | 04/05/07
|
|
agreed
Resuna | 04/10/07
|
|
MS Updates are just a pain
Uralbas | 04/06/07
|
|
Google and run gpedit.msc
Boot_Agnostic | 04/06/07
|
|
dont support windows proprietary formats
Resuna | 04/10/07
|
What do you think?
SponsoredWhite Papers, Webcasts, and Downloads
- Three Steps You Need to Know to Stop Data Loss Varonis Sensitive data exposed to misuse or loss... it is the stuff of nightmares ... Download Now
- Reducing Server Total Cost of Ownership with VMware Virtualization Software VMware VMware virtualization enables customers to reduce their server TCO and ... Download Now
- Building the Virtualized Enterprise with VMware Iinfrastructure VMware VMware virtualization software has been adopted by over 120,000 enterprise ... Download Now
Premier Vendor Content Whitepapers, webcasts & resources from our Power Center Sponsors
- Keep Up With The Latest In Document Management with The DocuMentor.
-
Doc delivers the scoop on today's enterprise content management, printer maintenance, and all other issues related to document management. It's the DocuMentor Blog.
- Learn more >>
- New Online Dashboard for IT Leaders
-
Read about top issues IT decision-makers face every day, plus get cost-effective solutions to real-life IT problems.
- Learn more >>
- Microsoft Dynamics CRM Online - Free Six-Month Trial for Eligible Organizations
-
Microsoft Dynamics CRM Online provides fast online access, simple contact management and better sales performance for a low monthly cost - the best value on the market today.
- Learn more about the free, six-month trial offer>>
Meet Doc
-
-
Here to help you with your Document Management Needs
- Doc is an enigma. Born to a Russian ballerina and a German electrical engineer, he grew up in various locations in the United States. He’s seen the insides of more brands, versions, and generations of printer and printer-related hardware than almost anyone.
- To learn more about this mysterious figure check out his blog on ZDNet and his Workspace on TechRepublic. You’ll be glad you did.
-
Produced by
ZDNet and -
