
Update Scanner - Firefox Extension - Chrome Privileged Code Injection



   (    , )     (,
  .   `.' ) ('.    ',
   ). , ('.   ( ) (
  (_,) .`), ) _ _,
 /  _____/  / _  \    ____  ____   _____  
 \____  \==/ /_\  \ _/ ___\/  _ \ /     \ 
 /       \/   |    \\  \__(  <_> )  Y Y  \
/______  /\___|__  / \___  >____/|__|_|  /
        \/         \/.-.    \/         \/:wq 
                    (x.0)
                  '=.|w|.='
                  _='`"``=.

		presents..

Update Scanner Chrome Privileged Code Injection

+-----------+
|Description|
+-----------+

Security-Assessment.com discovered that Update Scanner
is vulnerable to Cross Site Scripting injection. Update
Scanner renders scanned site content within a chrome
window located at
chrome://updatescan/content/diffPage.xul. A malicious
web page is then able to pass arbitrary browser code,
such as JavaScript, following a scan performed by
Update Scanner. The browser code is directly rendered
and executed in the chrome privileged Firefox zone
related to Update Scanner.
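
The following is an added example, not code from Update Scanner or from the advisory. It sketches a diff view built so that page-derived text can never become markup, which is the property missing in the rendering path described above. The function names and the sample scan strings are hypothetical, and it assumes the diff view is assembled as a markup string.

```javascript
// Added example: hypothetical helper names, not Update Scanner's own code.

// Escape every character that is significant to an HTML/XML parser.
function escapeMarkup(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

// Longest-common-subsequence table over two token arrays.
function lcsTable(a, b) {
  const t = Array.from({ length: a.length + 1 }, () => new Array(b.length + 1).fill(0));
  for (let i = a.length - 1; i >= 0; i--) {
    for (let j = b.length - 1; j >= 0; j--) {
      t[i][j] = a[i] === b[j] ? t[i + 1][j + 1] + 1 : Math.max(t[i + 1][j], t[i][j + 1]);
    }
  }
  return t;
}

// Render the new scan with added tokens highlighted.
// Only the <ins> wrappers are markup; all page-derived text is escaped first.
function renderDiff(oldText, newText) {
  const a = oldText.split(/\s+/).filter(Boolean);
  const b = newText.split(/\s+/).filter(Boolean);
  const t = lcsTable(a, b);
  const out = [];
  let i = 0, j = 0;
  while (j < b.length) {
    if (i < a.length && a[i] === b[j]) {
      out.push(escapeMarkup(b[j])); i++; j++;      // unchanged token
    } else if (i < a.length && t[i + 1][j] >= t[i][j + 1]) {
      i++;                                          // token removed; not shown
    } else {
      out.push("<ins>" + escapeMarkup(b[j]) + "</ins>"); j++; // added token
    }
  }
  return out.join(" ");
}

// Constructed sample input: the new version of a scanned page carries markup.
const OLD_SCAN = "Prices updated Monday";
const NEW_SCAN = "Prices updated Tuesday <script>alert(1)</script>";
console.log(renderDiff(OLD_SCAN, NEW_SCAN));
```
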
Update Scanner performs input data filtering by
stripping