Vulnerability in Wikipedia Toolbar for Firefox
Security service provider Secunia has discovered a critical vulnerability in the Wikipedia Toolbar extension for Firefox that can be exploited by an attacker to compromise a victim's system. According to the report, the problem is caused by the application using unvalidated input in a call to eval(), which can be exploited to execute arbitrary JavaScript code.
Once exploited, the JavaScript runs with system privileges that allow it to access system resources. For an attack to be successful, a victim must first visit a specially crafted web page and be tricked into using certain Toolbar buttons.
According to Secunia, the vulnerability is confirmed in version 0.5.9 and other versions may also be affected. The latest 0.5.9.2 release addresses the issue, but it is considered to be "experimental".
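The class of flaw described above, page-supplied input reaching eval(), shown as an added example that is not code from the Wikipedia Toolbar or from Secunia's advisory: a hypothetical button handler evaluates text from the page, next to a version that parses and validates it as data. The names `privileged`, `lookupTitleUnsafe` and `lookupTitleSafe` and both sample inputs are constructed for illustration.

```javascript
// Added illustration; all names are hypothetical, not the Wikipedia Toolbar's code.
// Stand-in for a capability that only privileged extension code should reach.
const privileged = { calls: 0, touch() { this.calls += 1; } };

// Vulnerable pattern: text taken from the web page is interpolated into eval().
function lookupTitleUnsafe(pageText) {
  // Whatever the page supplies is compiled and run with the caller's privileges.
  const data = eval("(" + pageText + ")");
  return String(data.title);
}

// Hardened pattern: treat page text as data, parse it, then validate the result.
function lookupTitleSafe(pageText) {
  let data;
  try {
    data = JSON.parse(pageText); // parses data only, never executes code
  } catch (e) {
    return null; // not well-formed JSON: reject
  }
  if (data === null || typeof data !== "object" || Array.isArray(data)) return null;
  if (typeof data.title !== "string") return null;
  // Allow-list the characters expected in an article title before using it.
  if (!/^[\p{L}\p{N} _().,'-]{1,255}$/u.test(data.title)) return null;
  return data.title;
}

// Constructed inputs: one benign, one that smuggles a call into the expression.
const benign = '{"title": "Firefox"}';
const crafted = '(privileged.touch(), {"title": "Firefox"})';

function demo() {
  privileged.calls = 0;
  const unsafeResult = lookupTitleUnsafe(crafted); // side effect: touch() runs
  const callsAfterUnsafe = privileged.calls;
  const safeResult = lookupTitleSafe(crafted);     // rejected: not JSON
  return {
    unsafeResult,
    callsAfterUnsafe,
    safeResult,
    callsAfterSafe: privileged.calls,
    benignSafe: lookupTitleSafe(benign),
  };
}
```

With eval() the crafted input returns a normal-looking title while also invoking the privileged stand-in; the JSON.parse path rejects the same input without running any of it.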
See also:
- Wikipedia Toolbar Cross-Context Scripting Vulnerability, security advisory from Secunia.
(crve)