A vulnerability in the way Mozilla products and derivative programs handle certain XBL methods could allow a remote attacker to execute arbitrary code on a vulnerable system.
The Mozilla browser and derived products include support for the Extensible Bindings Language (XBL), a markup language that defines special new elements, or "bindings" for Mozilla's XML-based User interface Language (XUL) widgets and HTML elements. A vulnerability has been discovered in the way that Mozilla and derived products handle some methods of XBL bindings. Mozilla Foundation Security Advisory 2006-14 states the following:
A remote attacker may be able to run code of their choosing on an affected system. The attacker-supplied code would be executed with the permissions of the user running the vulnerable program.
Thanks to Mozilla Foundation Security Advisory for reporting this vulnerability.
|Date First Published:||2006-04-17|
|Date Last Updated:||2006-04-17 15:17 UTC|