Packages

  • Status Closed
  • Percent Complete
    100%
  • Task Type Security Issue
  • Category Any
  • Assigned To
    g4jc
  • Operating System All
  • Severity Critical
  • Priority Very High
  • Reported Version Any
  • Due in Version Starfix
  • Due Date Undecided
  • Votes
  • Private
Attached to Project: Packages
Opened by bugmen0t - 10/09/2018
Last edited by Emulatorman - 13/09/2018

FS#1171 - [iceweasel-uxp-noscript] Zero-day bypass and script execution

Description:

NoScript zero-day allows script execution even with scripts blocked by default.

https://www.zdnet.com/article/exploit-vendor-drops-tor-browser-zero-day-on-twitter/

https://twitter.com/ma1/status/1039163003034324992

Additional info:
* package version(s) < 5.1.8.7

Steps to reproduce:
Set the Content-Type of your html/js page to “text/html;json” and enjoy full JS pwnage”

Closed by  Emulatorman
13.09.2018 01:54
Reason for closing:  Fixed
Admin
g4jc commented on 12.09.2018 00:34

This has been fixed, just needs to be packaged. You can try the fixed addon here: https://repo.hyperbola.info:50000/other/iceweasel-uxp/addons/noscript/

Date User Effort (H:M)
watch my effort tracking timers

Loading...

Available keyboard shortcuts

Tasklist

Task Details

Task Editing