Mozilla Firefox Beatnik Extension Remote Script Code Execution Vulnerability
CLASS: Input Validation Error
CVE:
REMOTE: Yes
LOCAL: No
PUBLISHED: Jun 05 2007 12:00AM
UPDATE: Jun 05 2007 12:00AM
CREDIT: CrYpTiC MauleR is credited with the discovery of this issue.
VULNERABLE:
Beatnik Player Beatnik Player for Firefox 1.0
NOT VULNERABLE:
Go to the original page on Security Focus
Discussion
A remote code-execution vulnerability affects the Beatnik extension for Mozilla Firefox because the extension fails to validate input when processing RSS feeds.
An attacker may leverage this issue to execute arbitrary code in the context of the user account running the affected application. This may facilitate cross-site scripting as well as a compromise of an affected computer.
Beatnik version 1.0 is vulnerable; other versions may also be affected.
Exploit
This issue may be triggered using a browser application.
Solution
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: vuldb@securityfocus.com.
References
- Beatnik Player Web Site (Beatnik)
- Mozilla Homepage (Mozilla)