Users of ZDI, please be advised that a Mozilla Firefox DOM Attribute Cloning Remote Code Execution Vulnerability has been identified.
To view this vulnerability, possible remedies, and other advisories, please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx).
ZDI-10-134: Mozilla Firefox DOM Attribute Cloning Remote Code Execution Vulnerability
-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of Mozilla Firefox. User interaction is
required to exploit this vulnerability in that the target must visit a
malicious page or open a malicious file.
The specific flaw exists due to a workaround that was implemented in
order to support recursive cloning of attribute nodes. If an event is
added to the first attribute node, the application can be made to free
the node, and then later access a reference to it. This can lead to code
execution under the context of the application.