[Full-disclosure] [WEB SECURITY] Firefox extensions go Evil - Critical Vulnerabilities in Firefox/Firebug
dveditz at cruzio.com
Thu Apr 5 00:53:43 BST 2007
pdp (architect) wrote:
> There is critical vulnerability in Firefox/Firebug which allows
> attackers to inject code inside the browser chrome.
> I recommend to disable Firebug for now until the issue is fixed.
Firebug 1.03 is now available and fixes this vulnerability.
Firebug is disabled by default and is probably best left that way. It can
be easily enabled per-site when you're actively developing or hacking.
Full-Disclosure is hosted and sponsored by Secunia.