Firefox "-chrome" Parameter Vulnerability

A vulnerability affecting Firefox versions previous to 2.0.0.7 is caused by the "-chrome" parameter allowing remote attackers to run code with the current user's privileges.  When exploited, the remote attacker can install malware, steal data, or simply corrupt the user's system.

The solution is to update to Firefox version 2.0.0.7.  There is also a workaround: use the NoScript add-on with Firefox.

References:

Secunia

http://secunia.com/advisories/26881/

Mozilla

http://www.mozilla.org/security/announce/2007/mfsa2007-28.html

Posted by Kitch Spicer on September 19, 2007, in Handlers Log.

Purdue University, 610 Purdue Mall, West Lafayette, IN 47907, (765) 494-4600

© 2016 Purdue University | An equal access/equal opportunity university | Integrity Statement | Copyright Complaints | Maintained by ITaP

Trouble with this page? Disability-related accessibility issue? Please contact ITaP at itap@purdue.edu.

PDF files can be viewed in Adobe Acrobat Reader.