You are here: Known Vulnerabilities in Mozilla Products (Firefox 1.0.5) > MFSA 2005-49
Mozilla Foundation Security Advisory 2005-49
Title: Script injection from Firefox sidebar panel using data:
Reporter: Kohei Yoshino
Fixed in: Firefox 1.0.5
Sites can use the _search target to open links in the Firefox sidebar. A missing security check allows the sidebar to inject data: urls containing scripts into any page open in the browser. This could be used to steal cookies, passwords or other sensitive data.