05 April 2007, 12:57

New version of firebug fixes vulnerability

Version 1.03 von Firebug, a high-performance JavaScript debugger for Firefox, closes a hole: code being debugged is run in the browser in the context of chrome, the most highly authorized access privileges. For this to to be exploited, however, malicious JavaScript code must be loaded by the debugger. This rarely occurs, since the Firebug add-on is generally used by developers to test their own programs. If, however, unknown sites are analyzed, as done for example by security specialists, malicious code may slip in. According to the error report, the source of the problem is a function (console.log) of Firebug to print messages to a console. This enables an attacker to print JavaScript code to the console which is executed in the browser with the privileges of chrome:.

Channels

Services

New version of firebug fixes vulnerability

Also on The H:

Content Security Policy halts XSS in its tracks

Skype's ominous link checking: Facts and speculation

Password protection for everyone

Two clicks for more privacy

What's new in SUSE Linux Enterprise 11 SP3

What's new in Fedora 19

What's new in Linux 3.10

Free Software post-PRISM

Kernel Log: Coming in 3.10 (Part 4) - Drivers

The trouble with "Business Source"

Kernel Log: Coming in 3.10 (Part 3) - Infrastructure

Whatever happened to Google?

Java EE 7 at a glance

Continuous database migration with Liquibase and Flyway

Unit testing with Node.js

Ruby 2.0 - the 20th birthday present

Linux Mint 15: A better Ubuntu for the desktop

What's new in Linux 3.9

Replacing Google Reader

Attacking TrueCrypt

The H

The H Open

The H Security

The H Developer

The H Internet Toolkit