OSVDB ID: 27559

Title: Mozilla Multiple Products Window Navigator Object Arbitrary Code Execution

Info

Disclosure

Jul 25, 2006

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Jul 25, 2006

Description

A code execution flaw exists in multiple Mozilla browsers. Firefox and SeaMonkey fail to validate values assigned to window.navigator objects. With a specially crafted website, a context-dependent attacker can cause arbitrary code execution resulting in a loss of integrity.

Classification

Location: Local / Remote, Context Dependent
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Upgrade
Exploit: Exploit Public, Exploit Private, Exploit Commercial
Disclosure: Vendor Verified, Vendor Verified, Coordinated Disclosure
OSVDB: Web Related

Solution

Upgrade Firefox to version 1.5.0.5 or Seamonkey to version 1.0.3, as they have been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Mozilla Organization

Firefox

1.5.0.4

SeaMonkey

1.0.2

References

Credit

Unknown or Incomplete



Direct URL: http://osvdb.org/27559