Firefox and the Mozilla Suite support custom "favicons" through the <LINK
rel="icon"> tag. If a link tag is added to the page programmatically and a
javascript: url is used, then script will run with elevated privileges and could
run or install malicious software.
Firefox and the Mozilla Suite support custom "favicons" through the <LINK
rel="icon"> tag. If a link tag is added to the page programmatically and a
javascript: url is used, then script will run with elevated privileges and could
run or install malicious software.
Workaround: Disable javascript.
Fixed in: Firefox 1.0.3 / Mozilla Suite 1.7.7
References:
- http:// www.mikx. de/firelinking/
- https:/ /bugzilla. mozilla. org/show_ bug.cgi? id=290036