Vulnerabilities > CVE-2007-1947 - Security Bypass vulnerability in Firebug

CVSS 3.5 - LOW

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

SINGLE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

network

parakey-inc

exploit available

NVD

Published: 2007-04-11

Updated: 2018-10-16

Summary

Cross-zone scripting vulnerability in the DOM templates (domplates) used by the console.log function in the Firebug extension before 1.04 for Mozilla Firefox allows remote attackers to bypass zone restrictions, read arbitrary file:// URIs, or execute arbitrary code in the browser chrome by overwriting the toString function via a certain function declaration, related to incorrect identification of anonymous JavaScript functions, a different issue than CVE-2007-1878.

Vulnerable Configurations

Part	Description	Count
Application	Parakey_Inc. Parakey Inc. Firebug *	1

Exploit-Db

description	Firebug 1.03 Rep.JS Script Code Injection Vulnerability. CVE-2007-1947. Remote exploits for multiple platform
id	EDB-ID:29820
last seen	2016-02-03
modified	2007-03-06
published	2007-03-06
reporter	Thor Larholm
source	https://www.exploit-db.com/download/29820/
title	Firebug 1.03 Rep.JS Script Code Injection Vulnerability

Summary

Vulnerable Configurations

Exploit-Db

References