Intrusion Prevention

Firebug.Console.Log.Remote.Code.Execution

Description

A vulnerability has been identified in the Firebug extension for Firefox. A successful exploit may allow remote attackers to execute arbitrary code, with chrome privileges. The vulnerability can be exploited through the console.log() function, by convincing a user to visit a specially crafted web page.

Affected Products

Firebug versions prior to 1.04.

Impact

Remote code execution.

Recommended Actions

Update to version 1.04.

CVE References

CVE-2007-1947 CVE-2007-1878