T-655: Mozilla Firefox CVE-2011-2369 HTML Injection Vulnerability

June 27, 2011 - 4:31pm

PROBLEM:

Mozilla Firefox CVE-2011-2369 HTML Injection Vulnerability

PLATFORM:

Mozilla Firefox

ABSTRACT:

Mozilla Firefox is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content.

REFERENCE LINKS:

Securityfocus
Mozilla Firefox Homepage
MFSA 2011-27: XSS encoding hazard with inline SVG

IMPACT ASSESSMENT:

High

Discussion:

Mozilla Firefox is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content.

Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.

Solution:

Updates are available at the vendor's site.
Mozilla Firefox Homepage
