Mozilla Foundation Security Advisory 2008-39

Privilege escalation using feed preview page and XSS flaw

Announced
September 23, 2008
Reporter
moz_bug_r_a4
Impact
Critical
Products
Firefox
Fixed in
  • Firefox 2.0.0.17

Description

Mozilla security researcher moz_bug_r_a4 reported a series of vulnerabilities in feedWriter which allow scripts from page content to run with chrome privileges.

Firefox 3 is not affected by this issue

Workaround

Disable JavaScript until a version containing these fixes can be installed.

References