5 April 2007, 13:57

New version of firebug fixes vulnerability

Version 1.03 von Firebug, a high-performance JavaScript debugger for Firefox, closes a hole: code being debugged is run in the browser in the context of chrome, the most highly authorized access privileges. For this to to be exploited, however, malicious JavaScript code must be loaded by the debugger. This rarely occurs, since the Firebug add-on is generally used by developers to test their own programs. If, however, unknown sites are analyzed, as done for example by security specialists, malicious code may slip in. According to the error report, the source of the problem is a function (console.log) of Firebug to print messages to a console. This enables an attacker to print JavaScript code to the console which is executed in the browser with the privileges of chrome:.

Also on The H:

Share this article

New version of firebug fixes vulnerability

Also on The H:

Microsoft's struggle against bugs

CSI:Internet - Open heart surgery

CSI:Internet - A trip into RAM

The H Update Check

Internet Toolkit

Monopoly madness

What's new in Linux 3.4

A Practical Internet of Things

Booting up: Tools and tips for systemd

Kernel Log: Coming in 3.4 (Part 3) - Graphics drivers

Control Centre: The systemd Linux init system

Kernel Log: Coming in 3.4 (Part 2) - Filesystems, storage and drivers

Kernel Log: Coming in 3.4 (Part 1) - Infrastructure

What's new in Linux 3.3

Building a GSM network with open source

CSI:Internet - Controlled from the beyond

Price Insight Top 10 powered by Skinflint

The H

The H open source

The H Security

The H Internet Toolkit