Intrusion Prevention

Mozilla.About.Blank.Script.Code.Execution

Description

This indicates a Cross Context Scripting vulnerability in Mozilla browsers. A malicious remote attacker can execute arbitrary script code in Chrome context by dynamically injecting code in the standard "about:blank" page.

Affected Products

Mozilla Firefox prior to 2.0.0.6

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Upgrade to Mozilla Firefox 2.0.0.6

CVE References

CVE-2007-3844