Mozilla products fail to properly handle frame or window references. This may allow a remote attacker to execute arbitrary code on a vulnerable system.
According to the Mozilla Foundation Security Advisory 2006-044, versions of Mozilla Firefox prior to 1.5 and the Mozilla Suite are not affected by this vulnerability.
A remote, unauthenticated attacker could execute code with the privileges of the user running the Mozilla-based web browser.
This vulnerability was reported by the Mozilla Foundation, who in turn credit Thilo Germann.
This document was written by Ryan Giobbi.
|Date First Published:
|Date Last Updated:
|2007-02-09 14:03 UTC