InformAction Forums

NoScripters and WebSec nerds of all lands, unite!
https://forums.informaction.com/

Privilege escalation through SVG navigation

https://forums.informaction.com/viewtopic.php?t=20661

Page 1 of 1

Privilege escalation through SVG navigation

Posted: Mon Mar 23, 2015 11:42 am
by Popeye
Hi,

Just curious, did NoScript protect against this vulnerability, fixed in Firefox 36.0.4 ?

I can't get access to the Bugzilla page since it's protected, so I don't know whether Javascript must be enabled to exploit this SVG parser (?) flaw.

Re: Privilege escalation through SVG navigation

Posted: Mon Mar 23, 2015 12:01 pm
by Giorgio Maone
Yes, NoScript did protect against it.
The exploit requires JavaScript to be enabled on the attacker's page.

Re: Privilege escalation through SVG navigation

Posted: Mon Mar 23, 2015 2:56 pm
by Popeye
Yay, thanks for letting me know :)
All times are UTC
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited