CVE Vulnerability

CVE-2007-1878

Cross-zone scripting vulnerability in the DOM templates (domplates) used by the console.log function in the Firebug extension before 1.03 for Mozilla Firefox allows remote attackers to bypass zone restrictions, read arbitrary file:// URIs, or execute arbitrary code in the browser chrome, as demonstrated via the runFile function, related to lack of HTML escaping in the property name.

6.8 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 8.6 / Impact : 6.4

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

Scope

References
Link Resource
http://www.gnucitizen.org/blog/firebug-goes-evil Exploit
http://www.getfirebug.com/blog/2007/04/04/security-update/ Patch
http://www.securityfocus.com/bid/23315 Exploit
http://larholm.com/2007/04/06/0day-vulnerability-in-firebug/
http://secunia.com/advisories/24743 Vendor Advisory
http://securityreason.com/securityalert/2525
http://www.vupen.com/english/advisories/2007/1272
https://exchange.xforce.ibmcloud.com/vulnerabilities/33451
http://www.securityfocus.com/archive/1/464786/100/0/threaded
http://www.securityfocus.com/archive/1/464740/100/0/threaded
Configurations

Configuration 1

cpe:2.3:a:parakey_inc.:firebug:1.01:*:*:*:*:*:*:*
cpe:2.3:a:parakey_inc.:firebug:1.02:*:*:*:*:*:*:*
Information

Published : 2007-04-06 12:19

Updated : 2018-10-16 04:41

NVD link : CVE-2007-1878

Mitre link : CVE-2007-1878

Products Affected
No products.
CWE
NVD-CWE-Other