You are here: Known Vulnerabilities in Mozilla Products (Firefox 1.0.2) > MFSA 2005-31

Mozilla Foundation Security Advisory 2005-31

Title: Arbitrary code execution from Firefox sidebar panel
Severity: Critical
Risk: Moderate
Reporter: Kohei Yoshino
Products: Firefox

Fixed in: Firefox 1.0.2

Description

If a user bookmarked a malicious page as a Firefox sidebar panel that page could execute arbitrary programs by opening a privileged page and injecting javascript into it.

Workaround

Do not add sidebar panels. Upgrade to fixed version

References