188843 – CVE-2006-1727 Privilege escalation through Print Preview

Bug 188843 - CVE-2006-1727 Privilege escalation through Print Preview

Summary: CVE-2006-1727 Privilege escalation through Print Preview

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	firefox
Sub Component:
Version:	5
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Christopher Aillon
QA Contact:
Docs Contact:
URL:
Whiteboard:	reported=20060412,source=mozilla,emba...
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2006-04-13 03:36 UTC by Josh Bressers
Modified:	2007-11-30 22:11 UTC (History)
CC List:	3 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2006-04-27 12:55:37 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Josh Bressers 2006-04-13 03:36:33 UTC

Privilege escalation through Print Preview


Georgi Guninski reported two variants of using scripts in an XBL control to
gain chrome privileges when the page is viewed under "Print Preview". This
vulnerability exists even if web-content JavaScript is turned off

Workaround

Do not use Print Preview until you upgrade to a fixed version.

References

[1]https://bugzilla.mozilla.org/show_bug.cgi?id=325991
[2]https://bugzilla.mozilla.org/show_bug.cgi?id=328469


This issue also affects FC4

Comment 1 Josh Bressers 2006-04-27 12:55:37 UTC

These issues have been resolved in FEDORA-2006-411 for FC5 and FEDORA-2006-410
for FC4

Note You need to log in before you can comment on or make changes to this bug.