Date: Wed, 04 Apr 2007 16:53:43 -0700
From: Daniel Veditz <dveditz@...zio.com>
To: "pdp (architect)" <pdp.gnucitizen@...glemail.com>
Cc: "webappsec @OWASP" <webappsec@...ts.owasp.org>, full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com, WASC Forum <websecurity@...appsec.org>
Subject: Re: [WEB SECURITY] Firefox extensions go Evil - Critical Vulnerabilities in Firefox/Firebug

pdp (architect) wrote:
> http://www.gnucitizen.org/blog/firebug-goes-evil
>
> There is critical vulnerability in Firefox/Firebug which allows
> attackers to inject code inside the browser chrome.

Good find.

> I recommend to disable Firebug for now until the issue is fixed.

Firebug 1.03 is now available and fixes this vulnerability.
https://addons.mozilla.org/en-US/firefox/addon/1843

Firebug is disabled by default and is probably best left that way. It can
be easily enabled per-site when you're actively developing or hacking.

-Dan Veditz

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/