Additional information

  Multiple security vulnerabilities in Mozilla Firefox / Thunderbird / SeaMonkey

  ZDI-10-019: Mozilla Firefox showModalDialog Cross-Domain Scripting Vulnerability

  Secunia Research: Mozilla Firefox Memory Corruption Vulnerability

  Mozilla Foundation Security Advisory 2010-04

  Mozilla Foundation Security Advisory 2010-03

From: MOZILLA
Date: February 19, 2010
Subject: Mozilla Foundation Security Advisory 2010-05

Mozilla Foundation Security Advisory 2010-05

Title: XSS hazard using SVG document and binary Content-Type
Impact: Moderate
Announced: February 17, 2010
Reporter: Georgi Guninski
Products: Firefox, SeaMonkey

Fixed in: Firefox 3.6
 Firefox 3.5.8
 Firefox 3.0.18
 SeaMonkey 2.0.3
Description

Mozilla security researcher Georgi Guninski reported that when an SVG document which is served with Content-Type: application/octet-stream is embedded into another document via an <embed> tag with type="image/svg+xml", the Content-Type is ignored and the SVG document is processed normally. A website which allows arbitrary binary data to be uploaded but which relies on Content-Type: application/octet-stream to prevent script execution could have such protection bypassed. An attacker could upload an SVG document containing JavaScript as a binary file to a website, embed the SVG document into a malicious page on another site, and gain access to the script environment from the SVG-serving site, bypassing the same-origin policy.
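The defensive lesson of the description above is that the Content-Type header was the only control, and an affected browser lets the embedding page override it. The following is an added example, not code from Mozilla or from SecurityVulns; it assumes a hypothetical upload service (the SANDBOX_ORIGIN value and the sample blobs are constructed) and shows the layered handling a site hosting user uploads would want: refuse SVG that carries a scripting vector at upload time, and serve whatever is stored as an attachment from a separate, cookie-less origin so that a rendered document never shares the main site's script environment.

```python
"""Serving user uploads that may be SVG, as an added defensive example.

Not Mozilla's or SecurityVulns' code. Assumes a hypothetical upload service
that stores arbitrary user files and used to rely on
Content-Type: application/octet-stream alone. Because an affected browser
honours the embedding page's type="image/svg+xml" over that header, the
header is treated here as only one layer among several.
"""
import re
import xml.etree.ElementTree as ET

SANDBOX_ORIGIN = "https://usercontent.example"   # assumed throwaway origin
XLINK_HREF = "{http://www.w3.org/1999/xlink}href"
EVENT_ATTR = re.compile(r"^on[a-z]+$", re.IGNORECASE)


def _local(name):
    """Strip an XML namespace prefix of the form '{uri}local'."""
    return name.split("}", 1)[1] if name.startswith("{") else name


def parse_svg(data):
    """Return the root element if data is an SVG document, else None.

    xml.etree does not defend against entity-expansion attacks; a production
    service would parse untrusted XML with defusedxml instead.
    """
    try:
        root = ET.fromstring(data)
    except ET.ParseError:
        return None
    return root if _local(root.tag) == "svg" else None


def svg_has_script(root):
    """True if the document carries a scripting vector: a <script> element,
    an on* event-handler attribute, or a javascript: URL in href/xlink:href."""
    for el in root.iter():
        if _local(el.tag) == "script":
            return True
        for name, value in el.attrib.items():
            if EVENT_ATTR.match(_local(name)):
                return True
            if (name in ("href", XLINK_HREF)
                    and value.strip().lower().startswith("javascript:")):
                return True
    return False


def upload_decision(filename, data):
    """Decide whether to accept an upload and how it will be served.

    Returns (status, headers, url); status 400 means the upload is refused.
    """
    root = parse_svg(data)
    if root is not None and svg_has_script(root):
        return 400, {}, None
    safe_name = re.sub(r"[^A-Za-z0-9._-]", "_", filename) or "file"
    headers = {
        # Still sent, but no longer the only control.
        "Content-Type": "application/octet-stream",
        # Stops MIME sniffing in browsers that honour it.
        "X-Content-Type-Options": "nosniff",
        # Forces a download instead of inline rendering.
        "Content-Disposition": 'attachment; filename="%s"' % safe_name,
    }
    # Serve from an origin that holds no session cookies, so even a rendered
    # document cannot reach the main site's script environment.
    return 200, headers, "%s/uploads/%s" % (SANDBOX_ORIGIN, safe_name)


# Constructed sample uploads (not files from the advisory).
SAMPLES = {
    "png": b"\x89PNG\r\n\x1a\n\x00\x00\x00\rIHDR",
    "plain_svg": b'<svg xmlns="http://www.w3.org/2000/svg">'
                 b'<rect width="1" height="1"/></svg>',
    "script_svg": b'<svg xmlns="http://www.w3.org/2000/svg">'
                  b'<script>x()</script></svg>',
    "onload_svg": b'<svg xmlns="http://www.w3.org/2000/svg" onload="x()"/>',
    "href_svg": b'<svg xmlns="http://www.w3.org/2000/svg" '
                b'xmlns:xlink="http://www.w3.org/1999/xlink">'
                b'<a xlink:href="javascript:void(0)"><text>x</text></a></svg>',
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        status, headers, url = upload_decision(name + ".bin", blob)
        print(name, status, url)
```

The PNG and the plain SVG are accepted and served as attachments from the sandbox origin; the three SVGs carrying a script element, an event-handler attribute, or a javascript: link are refused. Rejecting at upload time matters because, as the advisory describes, an affected browser will parse the stored file as SVG regardless of the header it is served with.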
References

   * https://bugzilla.mozilla.org/show_bug.cgi?id=455472
   * CVE-2010-0162

© SecurityVulns, 3APA3A, Vladimir Dubrovin, Nizhny Novgorod