Mozilla products contain a cross-site scripting vulnerability due to a vulnerability in the way IMG elements are loaded.
A vulnerability in the way Mozilla products load IMG elements in a frame may cause a cross-site script injection. According to Mozilla Foundation Security Advisory 2006-72:
By convincing a victim to view an HTML document (web page), an attacker could evaluate script in a different security domain than the one containing the attacker's document. The attacker could read or modify data in other web sites (read cookies/content, modify/create content, etc.). If the script is evaluated with chrome privileges, an attacker could execute arbitrary commands on the user's system.
Apply an update
This vulnerability was reported in Mozilla Foundation Security Advisory 2006-72. Mozilla credits moz_bug_r_a4 with providing information about this issue.
This document was written by Chris Taschner.
|Date First Published:||2007-01-18|
|Date Last Updated:||2007-03-05 18:14 UTC|