You are here: Security Center > Mozilla Foundation Security Advisories > MFSA 2010-23

Mozilla Foundation Security Advisory 2010-23

Title: Image src redirect to mailto: URL opens email editor
Impact: Low
Announced: March 30, 2010
Reporter: Henry Sudhof
Products: Firefox, SeaMonkey

Fixed in: Firefox 3.6.2
  Firefox 3.5.9
  SeaMonkey 2.0.4

Description

phpBB developer Henry Sudhof reported that when an image tag points to a resource that redirects to a mailto: URL, the external mail handler application is launched. This issue poses no security threat to users but could create an annoyance when browsing a site that allows users to post arbitrary images.

This issue has not been fixed in Firefox 3.0

References