TITLE:
Firefox "wyciwyg://" Handler Vulnerability
SECUNIA ADVISORY ID:
SA25990
VERIFY ADVISORY:
http://secunia.c
om/advisories/25990/
CRITICAL:
Less critical
IMPACT:
Spoofing, Exposure of sensitive information
WHERE:
>From remote
SOFTWARE:
Mozilla Firefox 2.0.x
http://secunia.com/
product/12434/
DESCRIPTION:
Michal Zalewski has discovered a vulnerability in Mozilla
Firefox,
which can be exploited by malicious people to disclose
sensitive
information and conduct spoofing attacks.
The vulnerability is caused due to an error in the handling
of
the
"wyciwyg://" URI handler. This can be exploited to
access or
spoof
contents from a previously cached web site e.g. via HTTP
302
redirects when a user visits a malicious web page.
The vulnerability is confirmed in version 2.0.0.4. Other
versions may
also be affected.
SOLUTION:
Do not browse untrusted web sites.
ORIGINAL ADVISORY:
http://lcamtuf.co
redump.cx/ffcache/
============= PCWorks Mailing List =================
Don't see your post? Check our posting guidelines &
make sure you've followed proper posting procedures,
http://pcworkers.com/r
ules.htm
Contact list owner <owner-pcworks imagicomm.com>
Unsubscribing and other changes: http://pcworkers.com
=====================================================
|
