Bugtraq mailing list archives

Re: [WEB SECURITY] Firefox extensions go Evil - Critical Vulnerabilities in Firefox/Firebug

From: Daniel Veditz <dveditz () cruzio com>
Date: Wed, 04 Apr 2007 16:53:43 -0700

pdp (architect) wrote:

http://www.gnucitizen.org/blog/firebug-goes-evil

There is critical vulnerability in Firefox/Firebug which allows
attackers to inject code inside the browser chrome.


Good find.

I recommend to disable Firebug for now until the issue is fixed.


Firebug 1.03 is now available and fixes this vulnerability.
https://addons.mozilla.org/en-US/firefox/addon/1843

Firebug is disabled by default and is probably best left that way. It can
be easily enabled per-site when you're actively developing or hacking.

-Dan Veditz

Current thread:

Firefox extensions go Evil - Critical Vulnerabilities in Firefox/Firebug pdp (architect) (Apr 04)
- Re: [WEB SECURITY] Firefox extensions go Evil - Critical Vulnerabilities in Firefox/Firebug Daniel Veditz (Apr 05)
- Re: Firefox extensions go Evil - Critical Vulnerabilities in Firefox/Firebug Thor Larholm (Apr 06)