Privilege escalation through SVG navigation

Ask for help about NoScript, no registration needed to post
Post Reply
Popeye

Privilege escalation through SVG navigation

Post by Popeye »

Hi,

Just curious, did NoScript protect against this vulnerability, fixed in Firefox 36.0.4 ?

I can't get access to the Bugzilla page since it's protected, so I don't know whether Javascript must be enabled to exploit this SVG parser (?) flaw.
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:36.0) Gecko/20100101 Firefox/36.0
Top
User avatar
Giorgio Maone
Site Admin
Posts: 9526
Joined: Wed Mar 18, 2009 11:22 pm
Location: Palermo - Italy
Contact:
Contact Giorgio Maone

Re: Privilege escalation through SVG navigation

Post by Giorgio Maone »

Yes, NoScript did protect against it.
The exploit requires JavaScript to be enabled on the attacker's page.
Mozilla/5.0 (Windows NT 6.3; WOW64; rv:36.0) Gecko/20100101 Firefox/36.0
Top
Popeye

Re: Privilege escalation through SVG navigation

Post by Popeye »

Yay, thanks for letting me know :)
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:36.0) Gecko/20100101 Firefox/36.0
Top
Post Reply

Return to “NoScript Support”