PT-2007-3292 · Mozilla · Firebug

Published 2007-04-11 · Updated 2018-10-16 · CVE-2007-1947

CVSS v2.0: 3.5 (Low)

Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

Firebug extension versions prior to 1.04

Description

A cross-zone scripting issue exists due to the incorrect identification of anonymous JavaScript functions in the DOM templates used by the console.log function. This allows remote attackers to bypass zone restrictions, read arbitrary file:// URIs, or execute arbitrary code in the browser chrome by overwriting the toString function via a certain function declaration.

Recommendations

For Firebug extension versions prior to 1.04, update to version 1.04 or later to resolve the issue. As a temporary workaround, consider disabling the console.log function until a patch is available. Restrict access to the browser chrome to minimize the risk of exploitation. Avoid using the toString function in sensitive contexts until the issue is resolved.


Related Identifiers

CVE-2007-1947

Affected Products

Firebug