In association with heise online

17 November 2009, 11:46

Vulnerability in Wikipedia Toolbar for Firefox


Security service provider Secunia has discovered a critical vulnerability in the Wikipedia Toolbar extension for Firefox that can be exploited by an attacker to compromise a victim's system. According to the report, the problem is caused by the application passing unvalidated input to a call to eval(), which can be exploited to execute arbitrary JavaScript code.

Once exploited, the JavaScript runs with system privileges that allow it to access system resources. For an attack to be successful, a victim must first visit a specially crafted web page and be tricked into using certain Toolbar buttons.
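
The bug class described above, eval() on unvalidated input, shown next to a data-only replacement. This is an added example, not code from the Wikipedia Toolbar or from Secunia's report; the function names, the article-info format and the sample inputs are hypothetical.

```javascript
// Added illustration: hypothetical names and data format, not the extension's code.

// Harmless marker that records whether page-supplied text was executed as code.
const executed = [];

// Vulnerable pattern: text taken from the web page is handed to eval(),
// so any expression inside it runs with the caller's privileges.
function parseArticleInfoUnsafe(pageText) {
  return eval('(' + pageText + ')');
}

// Hardened pattern: parse as data only, then validate every field.
const ALLOWED_LANGS = new Set(['en', 'de', 'fr']);
const TITLE_RE = /^[\p{L}\p{N} _().,'-]{1,255}$/u;

function parseArticleInfoSafe(pageText) {
  let data;
  try {
    data = JSON.parse(pageText);            // JSON.parse never executes code
  } catch (e) {
    return null;                            // not well-formed data: reject
  }
  if (data === null || typeof data !== 'object' || Array.isArray(data)) return null;
  const { lang, title } = data;
  if (typeof lang !== 'string' || !ALLOWED_LANGS.has(lang)) return null;
  if (typeof title !== 'string' || !TITLE_RE.test(title)) return null;
  return { lang, title };                   // copy only the validated fields
}

// Constructed sample inputs: one plain data string, one that smuggles an expression.
const benign = '{"lang":"en","title":"Firefox"}';
const hostile = '(executed.push("page code ran"), {"lang":"en","title":"Firefox"})';

function demo() {
  executed.length = 0;
  parseArticleInfoUnsafe(hostile);          // the smuggled expression runs here
  const ranUnderEval = executed.length;
  const safeHostile = parseArticleInfoSafe(hostile);
  const safeBenign = parseArticleInfoSafe(benign);
  return { ranUnderEval, ranTotal: executed.length, safeHostile, safeBenign };
}

console.log(demo());
```
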

According to Secunia, the vulnerability is confirmed in version 0.5.9 and other versions may also be affected. The latest 0.5.9.2 release addresses the issue, but it is considered to be "experimental".


(crve)

Permalink: http://h-online.com/-861434
 

