Mozilla Foundation Security Advisory 2012-16
Title: Escalation of privilege with Javascript: URL as home page
Impact: Critical
Announced: March 13, 2012
Reporter: Mariusz Mlynski
Products: Firefox, Thunderbird, SeaMonkey
Fixed in:
  Firefox 11.0
  Firefox ESR 10.0.3
  Firefox 3.6.28
  Thunderbird 11.0
  Thunderbird ESR 10.0.3
  Thunderbird 3.1.20
  SeaMonkey 2.8
Description
Security researcher Mariusz Mlynski reported that an
attacker able to convince a potential victim to set a new home page by dragging
a link to the "home" button can set that user's home page to a
javascript: URL. Once this is done the attacker's page can cause
repeated crashes of the browser, eventually getting the script URL loaded in the
privileged about:sessionrestore context.
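
One way to check an existing profile for the condition described above, as an added example that is not part of the advisory or of Mozilla's code: it scans the text of a prefs.js or user.js file for home page entries that use the javascript: scheme. It assumes the home page is stored in the browser.startup.homepage preference as a "|"-separated list; stripping tab, CR and LF before reading the scheme is a conservative normalization chosen for this example, and the sample input is constructed.

```python
import json
import re

# prefs.js / user.js line with a string value: user_pref("name", "value");
PREF_RE = re.compile(
    r'^\s*user_pref\(\s*("(?:[^"\\]|\\.)*")\s*,\s*("(?:[^"\\]|\\.)*")\s*\)\s*;', re.M)
HOMEPAGE_PREF = "browser.startup.homepage"  # assumed pref name
SCRIPT_SCHEMES = {"javascript"}  # the scheme named in the advisory
LEADING_JUNK = "".join(chr(c) for c in range(0x21))  # control chars and space

def unquote(literal):
    """Decode a quoted pref string; fall back to the raw text if not JSON-like."""
    try:
        return json.loads(literal)
    except ValueError:
        return literal[1:-1]

def scheme_of(url):
    """Lower-cased scheme after dropping tab/CR/LF and leading whitespace."""
    cleaned = re.sub(r"[\t\r\n]", "", url).lstrip(LEADING_JUNK)
    match = re.match(r"([A-Za-z][A-Za-z0-9+.-]*):", cleaned)
    return match.group(1).lower() if match else None

def suspicious_homepages(prefs_text):
    """Return home page entries whose scheme is script-capable."""
    hits = []
    for name, value in PREF_RE.findall(prefs_text):
        if unquote(name) != HOMEPAGE_PREF:
            continue
        # Several home pages are stored in one pref, separated by "|".
        for entry in unquote(value).split("|"):
            if scheme_of(entry) in SCRIPT_SCHEMES:
                hits.append(entry)
    return hits

# Constructed sample, not taken from a real profile.
SAMPLE_PREFS = r'''
user_pref("browser.startup.page", 1);
user_pref("browser.startup.homepage", "https://example.org/|  JavaScript:void(0)|java\tscript:void(1)");
'''

if __name__ == "__main__":
    for entry in suspicious_homepages(SAMPLE_PREFS):
        print("script URL set as home page:", repr(entry))
```
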
