FireGPG is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied HTML or JavaScript code could run in the context of the website that the application is triggered from, potentially allowing an attacker to steal cookie-based authentication credentials and to control how the site is rendered to the user; other attacks are also possible. This issue affects FireGPG 0.4.6; prior versions may also be affected. Sun StarSuite 8 Sun StarOffice 8.0 S.u.S.E. SUSE Linux Enterprise Desktop 10 SP1 S.u.S.E. SLE SDK 10.SP1 S.u.S.E. openSUSE 10.3 S.u.S.E. openSUSE 10.2 S.u.S.E. Linux 10.1 x86-64 S.u.S.E. Linux 10.1 x86 S.u.S.E. Linux 10.1 ppc S.u.S.E. Linux 10.0 x86-64 S.u.S.E. Linux 10.0 x86 S.u.S.E. Linux 10.0 ppc RedHat Fedora 8 0 RedHat Fedora 7 0 RedHat Fedora Core6 RedHat Enterprise Linux Optional Productivity Application v.5 server RedHat Enterprise Linux Desktop v.5...
FireGPG is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied HTML or JavaScript code could run in the context of the website that the application is triggered from, potentially allowing an attacker to steal cookie-based authentication credentials and to control how the site is rendered to the user; other attacks are also possible. This issue affects FireGPG 0.4.6; prior versions may also be affected. Sun StarSuite 8 Sun StarOffice 8.0 S.u.S.E. SUSE Linux Enterprise Desktop 10 SP1 S.u.S.E. SLE SDK 10.SP1 S.u.S.E. openSUSE 10.3 S.u.S.E. openSUSE 10.2 S.u.S.E. Linux 10.1 x86-64 S.u.S.E. Linux 10.1 x86 S.u.S.E. Linux 10.1 ppc S.u.S.E. Linux 10.0 x86-64 S.u.S.E. Linux 10.0 x86 S.u.S.E. Linux 10.0 ppc RedHat Fedora 8 0 RedHat Fedora 7 0 RedHat Fedora Core6 RedHat Enterprise Linux Optional Productivity Application v.5 server RedHat Enterprise Linux Desktop v.5 client RedHat Enterprise Linux WS 4 RedHat Enterprise Linux ES 4 RedHat Enterprise Linux AS 4 RedHat Desktop 4.0 OpenOffice OpenOffice 2.3 OpenOffice OpenOffice 2.2.1 OpenOffice OpenOffice 2.0.4 OpenOffice OpenOffice 2.0.3 -1 OpenOffice OpenOffice 2.0.3 OpenOffice OpenOffice 2.0.2 OpenOffice OpenOffice 2.0.1 OpenOffice OpenOffice 2.0 Beta OpenOffice OpenOffice 2.2 OpenOffice OpenOffice 2.1 HSQLDB hsqldb 1.8 7 Gentoo Linux Debian Linux 4.0 sparc Debian Linux 4.0 s/390 Debian Linux 4.0 powerpc Debian Linux 4.0 mipsel Debian Linux 4.0 mips Debian Linux 4.0 m68k Debian Linux 4.0 ia-64 Debian Linux 4.0 ia-32 Debian Linux 4.0 hppa Debian Linux 4.0 arm Debian Linux 4.0 amd64 Debian Linux 4.0 alpha Debian Linux 4.0 The vendor released version 0.4.7 to address this issue. Please see the references for more information. <a href=http://firegpg.tuxfamily.org/stable/firegpg.xpi target=_blank>http://firegpg.tuxfamily.org/stable/firegpg.xpi</a>
