Update Scanner - Firefox Extension - Chrome Privileged Code Injection






   (    , )     (,
  .   `.' ) ('.    ',
   ). , ('.   ( ) (
  (_,) .`), ) _ _,
 /  _____/  / _  \    ____  ____   _____  
 \____  \==/ /_\  \ _/ ___\/  _ \ /     \ 
 /       \/   |    \\  \__(  <_> )  Y Y  \
/______  /\___|__  / \___  >____/|__|_|  /
        \/         \/.-.    \/         \/:wq 
                    (x.0)
                  '=.|w|.='
                  _='`"``=.

		presents..

Update Scanner Chrome Privileged Code Injection

+-----------+
|Description|
+-----------+

Security-Assessment.com discovered that Update Scanner
is vulnerable to Cross Site Scripting injection. Update
Scanner renders scanned site content within a chrome
window located at
chrome://updatescan/content/diffPage.xul. A malicious
web page is then able to pass arbitrary browser code,
such as JavaScript, following a scan performed by
Update Scanner. The browser code is directly rendered
and executed in the chrome privileged Firefox zone
related to Update Scanner.
Update Scanner performs input data filtering by
stripping
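
The rendering problem described above, seen from the defensive side, as an added example that is not part of the advisory and is not Update Scanner's code: scanned text is HTML-escaped before it is wrapped in the diff view's own markup, so markup supplied by the scanned site stays inert. The function names, the line-based change detection and the sample scans are assumptions made for illustration.

```javascript
// Added example (hypothetical names, not Update Scanner's code):
// escape scanned page text before it reaches a privileged diff view.

const HTML_ESCAPES = {
  "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
};

// Encode every character that can open a tag, an attribute value or an entity.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Build the diff markup. Simplification: a line counts as changed when it
// does not appear anywhere in the previous scan (not a full LCS diff).
function renderDiffHtml(oldScan, newScan) {
  const seen = new Set(oldScan.split(/\r?\n/));
  return newScan
    .split(/\r?\n/)
    .map((line) => {
      // Escape first, then wrap in markup that only this code controls.
      const safe = escapeHtml(line);
      return seen.has(line) ? `<span>${safe}</span>` : `<ins>${safe}</ins>`;
    })
    .join("\n");
}

// Constructed sample scans: the second one carries markup from the scanned site.
const previousScan = "Welcome\nNews: none";
const currentScan =
  'Welcome\nNews: <script>alert(1)</script>\n<img src=x onerror="alert(2)">';

// Only <span> and <ins> survive as tags; the site's markup is shown as text.
console.log(renderDiffHtml(previousScan, currentScan));
```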

