Filter lists in Adblock Plus and AdBlock can execute arbitrary code on some websites

Talk about internet security, computer security, personal security, your social security number...
Post Reply
barbaz
Senior Member
Posts: 10841
Joined: Sat Aug 03, 2013 5:45 pm

Filter lists in Adblock Plus and AdBlock can execute arbitrary code on some websites

Post by barbaz »

https://armin.dev/blog/2019/04/adblock- ... injection/

Adblock Plus has already put in a fix for the vulnerability, and will be releasing an update soon - https://adblockplus.org/blog/potential- ... ter-option

uBlock Origin is not vulnerable to this (it doesn't have support for $rewrite).
*Always* check the changelogs BEFORE updating that important software!
-
User avatar
therube
Ambassador
Posts: 7924
Joined: Thu Mar 19, 2009 4:17 pm
Location: Maryland USA

Re: Filter lists in Adblock Plus and AdBlock can execute arbitrary code on some websites

Post by therube »

Last edited by barbaz on Thu Apr 18, 2019 12:54 am, edited 1 time in total.
Reason: Removed sid from link
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball NoScript FlashGot AdblockPlus
Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:52.0) Gecko/20100101 Firefox/52.0 SeaMonkey/2.49.5
barbaz
Senior Member
Posts: 10841
Joined: Sat Aug 03, 2013 5:45 pm

Re: Filter lists in Adblock Plus and AdBlock can execute arbitrary code on some websites

Post by barbaz »

*Always* check the changelogs BEFORE updating that important software!
-
barbaz
Senior Member
Posts: 10841
Joined: Sat Aug 03, 2013 5:45 pm

Re: Filter lists in Adblock Plus and AdBlock can execute arbitrary code on some websites

Post by barbaz »

Adblock Plus update is out, version 3.5.2 contains the fix.
*Always* check the changelogs BEFORE updating that important software!
-
Post Reply