[Japanese]

JVNDB-2007-000779

MouseoverDictionary vulnerable to arbitrary script execution

Overview

MouseoverDictionary, an add-on for Mozilla Firefox, contains a vulnerability that allows an attacker to execute an arbitrary script.

MouseoverDictionary, an add-on mouseover English-Japanese dictionary for Mozilla Firefox, contains a vulnerability that allows an attacker to execute an arbitrary script on the user's web browser as it does not handle the sidebar HTML page properly.
CVSS Severity (What is CVSS?)

Base Metrics: 5.8 (Medium) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Medium
  • Authentication: None
  • Confidentiality Impact: Partial
  • Integrity Impact: Partial
  • Availability Impact: None

Affected Products


Ichiro Maruta
  • MouseoverDictionary Version 0.6.1 and earlier

Impact

An attacker could execute an arbitrary script in Mozilla Firefox when the user uses MouseoverDictionary. Depending on the script, the attacker may be able to view arbitrary files on the client PC.
Solution

[Update the Software]

Apply the latest updates provided by the developer.
Vendor Information

Ichiro Maruta
  • Mouseover Dictionary : News
CWE (What is CWE?)

  1. Cross-site Scripting(CWE-79) [NVD Evaluation]
CVE (What is CVE?)

  1. CVE-2007-5459
References

  1. JVN : JVN#63304072
  2. National Vulnerability Database (NVD) : CVE-2007-5459
  3. Secunia Advisory : SA27195
  4. SecurityFocus : 26053
  5. ISS X-Force Database : 37184
Revision History

[2008/05/21]
  Web page published

Date Public2007/10/12
Date First Published2008/05/21
Date Last Updated2008/05/21