You are here: Known Vulnerabilities in Mozilla Products (Firefox 2.0.0.12) > MFSA 2008-06

Mozilla Foundation Security Advisory 2008-06

Title: Web browsing history and forward navigation stealing
Impact: Critical
Announced: February 7, 2008
Reporter: David Bloom
Products: Firefox, SeaMonkey

Fixed in: Firefox 2.0.0.12
  SeaMonkey 1.1.8

Description

Mozilla contributor David Bloom reported a vulnerability in the way images are treated by the browser when a user leaves a page which utilizes designMode frames. The reported issue can be used to steal a user's navigation history, forward navigation information, and crash the user's browser. The crash showed evidence of memory corruption and might be exploitable to run arbitrary code.

Workaround

Disable JavaScript until a version containing these fixes can be installed.

References