Update Scanner Chrome Privileged Code Injection
Security-Assessment.com discovered that Update Scanner
is vulnerable to Cross Site Scripting injection.
Update Scanner performs input data filtering by stripping <script> tags but this is not enough to
This vulnerability can be exploited in several ways.
As the injection point is in the chrome privileged browser zone, it is possible to bypass Same Origin
Policy (SOP) protections, and also access Mozilla built-in XPCOM components. XPCOM components can be used to read and write from the file system, as well as execute arbitrary commands, steal stored passwords, or modify other Firefox extensions.
Security-Assessment.com follows responsible disclosure and promptly contacted the developer after discovering the issue. The developer was contacted on June 8, 2009, and a response was received on the June 11. A fix was released on June 15, 2009.
Install latest Update Scanner version. This is
available from Mozilla Add-ons web site
Discovered and advised to the Update Scanner developer
June 2009 by Roberto Suggi Liverani of Security-
Assessment.com. Personal Page: http://malerisch.net/
For full details regarding this vulnerability
(including a detailed proof of concept exploit)
download the PDF from our website:
For more details regarding exploitation of Firefox
extensions, refer to our DEFCON 17 presentation at
- permalink -