Arbitrary code execution from Firefox sidebar panel II

Bug #16232 reported by Tres Seaver
8
Affects Status Importance Assigned to Milestone
firefox (Ubuntu)
Fix Released
Critical
Thom May

Bug Description

Sites can use the _search target to open links in the Firefox sidebar. Two
missing security checks allow malicious scripts to first open a privileged page
(such as about:config) and then inject script using a javascript: url. This
could be used to install malicious code or steal data without user interaction.

Fixed in: Firefox 1.0.3 / Mozilla Suite 1.7.7

Workaround: Disable Javascript

References:

 - https://bugzilla.mozilla.org/show_bug.cgi?id=290079

http://www.mozilla.org/security/announce/mfsa2005-39.html: http://www.mozilla.org/security/announce/mfsa2005-39.html

Revision history for this message
Uphaar Agrawalla (uphaar) wrote :

This vulnerability is fixed in Ubuntu's Firefox 1.0.2-0ubuntu5.1
http://changelogs.ubuntu.com/changelogs/pool/main/m/mozilla-firefox/mozilla-firefox_1.0.2-0ubuntu5.1/changelog

Closing as Fixed.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.