PT-2007-3224 · Mozilla · Firebug

Published: 2007-04-06 · Updated: 2018-10-16 · CVE-2007-1878

CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: Firebug extension versions prior to 1.03
Description: A cross-zone scripting issue exists in the DOM templates used by the console.log function, allowing remote attackers to bypass zone restrictions. This can lead to reading arbitrary file:// URIs or executing arbitrary code in the browser chrome. The issue is related to a lack of HTML escaping in the property name, as demonstrated via the runFile function.
Recommendations: For Firebug extension versions prior to 1.03, update to version 1.03 or later to resolve the issue. As a temporary workaround, consider disabling the use of the console.log function with DOM templates until a patch is available. Restrict access to sensitive files and directories to minimize the risk of exploitation.

Related Identifiers

CVE-2007-1878

Affected Products

Firebug