Code execution through javascript: favicons
Bug #16231 reported by Tres Seaver
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
firefox (Ubuntu) | Fix Released | Critical | Thom May |
Bug Description
Firefox and the Mozilla Suite support custom "favicons" through the
<LINK rel="icon"> tag. If a link tag is added to the page programmatically and a
javascript: URL is used, then script will run with elevated privileges and could
run or install malicious software.
Workaround: Disable javascript.
Fixed in: Firefox 1.0.3 / Mozilla Suite 1.7.7
References:
- http://
- https:/
http://
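A defensive counterpart to the issue described above, as an added example that is not part of the original report and is not Mozilla's fix: a scheme allow-list applied to favicon URLs before anything loads them. The function names, the allow-list and the sample links are assumptions constructed for illustration.

```javascript
// Added example (not Mozilla's patch): scheme allow-list for favicon URLs.
// ALLOWED_SCHEMES and all function names are assumptions made for illustration.
const ALLOWED_SCHEMES = new Set(["http:", "https:"]);

// True when a rel attribute contains the "icon" token ("icon", "shortcut icon", "ICON").
function isIconRel(rel) {
  return String(rel || "").toLowerCase().split(/\s+/).includes("icon");
}

// Resolve href against the page URL the way a browser would, then test the
// resulting scheme. The WHATWG parser lower-cases the scheme and strips
// tabs, newlines and leading control characters, so obfuscated spellings of
// "javascript:" are normalised before the comparison.
function checkIconHref(href, pageUrl) {
  let resolved;
  try {
    resolved = new URL(href, pageUrl);
  } catch (err) {
    return { allowed: false, scheme: null, reason: "unparseable" };
  }
  const allowed = ALLOWED_SCHEMES.has(resolved.protocol);
  return {
    allowed,
    scheme: resolved.protocol,
    reason: allowed ? "ok" : "scheme not allowed",
  };
}

// Return the icon links that must not be fetched or handed to privileged code.
function rejectedIconLinks(links, pageUrl) {
  return links
    .filter((link) => isIconRel(link.rel))
    .map((link) => ({ href: link.href, ...checkIconHref(link.href, pageUrl) }))
    .filter((result) => !result.allowed);
}

// Constructed sample: <link> records as a sanitizer might collect them.
const SAMPLE_LINKS = [
  { rel: "icon", href: "/favicon.ico" },
  { rel: "shortcut icon", href: "JaVaScRiPt:void(0)" },
  { rel: "ICON", href: " java\tscript:void(0)" },
  { rel: "stylesheet", href: "javascript:void(0)" },
  { rel: "icon", href: "data:image/png;base64,AAAA" },
];

console.log(rejectedIconLinks(SAMPLE_LINKS, "https://example.test/page"));
```

Rejecting `data:` here is a policy choice of this example; the point is that the decision is made on the parsed, normalised scheme rather than on the raw attribute string.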
This is pretty serious, I just tried out the demo-exploit from
http://www.mikx.de/firelinking/ on my hoary firefox and it worked
and successfully created a file in my home directory just by
opening a link.
I think ff 1.0.3. should definitely go into hoary-updates or the
fixes should at least be backported to the 1.0.2 in hoary (but I don't
really see a reason for not updating to 1.0.3, we're not debian stable ;)).
And it's not the only serious hole in 1.0.2, just take a look at
what was fixed in 1.0.3 on
http://www.mozilla.org/projects/security/known-vulnerabilities.html
bye,
david