CENTER.HU groups
CENTER.HU address

User:

Guest

www.center.hu / Archive / Security news / february, 2006 / Mozilla Firefox E4X AnyName object vulnerability 

Mozilla Firefox E4X AnyName object vulnerability

Mozilla Firefox E4X AnyName object vulnerability

Date Discovered: 2006. február 2.
Date Published: 2006. február 3.
Last Updated: 2006. február 3.

Threat Assessment
Overall Risk: Medium
Impact:          Medium
Popularity:    Medium
Simplicity:     Low

Vulnerability Description
Vulnerability ID:          33818
Discovered By:            Brendan Eich
Exploitable Locally:     No
Exploitable Remotely: Yes
Impact:                        Attackers can bypass access restricitions.
Root Cause:                 Software Vulnerability

Mozilla Firefox contains a vulnerability that can allow an attacker to bypass access restrictions. The vulnerability is due to insecure handling of data by the E4X AnyName object. Attackers can exploit the issue to circumvent same-origin restrictions used to prevent direct access from one window or frame to another.

Recommendations
For: Mozilla FireFox 1.5
Apply: Mozilla FireFox 1.5.0.1

Affected Technologies
The Mozilla Organization: Mozilla FireFox 1.5

References
Mitre CVE: CVE-2006-0299
Mozilla Organization: 2006-08

 

 

More information on CA Vulnerability Information Center
http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=33818

Computer Associates – the Trusted Source of Security Knowledge

 

Back



Copyright © CENTER.HU Ltd, 2000-2010. All rights reserved

sitemap | privacy policy |

copyrights | new pages |

terms of purchase | contact us


PARTNERS: Computerworld.hu | GameStar.hu | PCWorld.hu | SG.hu | PC Guru | Hitel