Bug 188808 - CVE-2006-1727 Privilege escalation through Print Preview
Summary: CVE-2006-1727 Privilege escalation through Print Preview
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: mozilla
Version: 5
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Christopher Aillon
QA Contact: Ben Levenson
URL:
Whiteboard: reported=20060412,source=mozilla,emba...
Keywords: Security
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2006-04-13 02:31 UTC by Josh Bressers
Modified: 2007-11-30 22:11 UTC (History)
2 users (show)

(edit)
Clone Of:
(edit)
Last Closed: 2006-06-24 16:33:26 UTC


Attachments (Terms of Use)

Description Josh Bressers 2006-04-13 02:31:24 UTC
Privilege escalation through Print Preview


Georgi Guninski reported two variants of using scripts in an XBL control to
gain chrome privileges when the page is viewed under "Print Preview". This
vulnerability exists even if web-content JavaScript is turned off

Workaround

Do not use Print Preview until you upgrade to a fixed version.

References

[1]https://bugzilla.mozilla.org/show_bug.cgi?id=325991
[2]https://bugzilla.mozilla.org/show_bug.cgi?id=328469


This issue also affects FC4

Comment 1 Josh Bressers 2006-04-24 12:48:53 UTC
Lifting embargo

Comment 2 David Eisenstein 2006-06-24 16:33:26 UTC
This bug was fixed for FC4 in Fedora Update FEDORA-2006-488
<http://www.redhat.com/archives/fedora-package-announce/2006-May/msg00019.html>.

This bug was fixed for FC5 in Fedora Update FEDORA-2006-487
<http://www.redhat.com/archives/fedora-package-announce/2006-May/msg00018.html>.


Note You need to log in before you can comment on or make changes to this bug.