Your system may not meet the requirements for Firefox, but you can try one of these versions:

Your system doesn't meet the requirements to run Firefox.

Your system doesn't meet the requirements to run Firefox.

Please follow these instructions to install Firefox.

Firefox Privacy Notice

Mozilla Foundation Security Advisory 2005-26

Cross-site scripting by dropping javascript: link on tab

Announced
February 24, 2005
Reporter
Michael Krax
Risk
Low
Impact
Critical
Products
Firefox, Mozilla Suite
Fixed in
  • Firefox 1.0.1
  • Mozilla Suite 1.7.6

Description

Dropping a javascript: or data: link on a tab executes in the context of the site already loaded in the tab. If an attacker could convince a user to drag and drop such a link on a particular tab this could be used to steal information or credentials associated with the site in that tab.

If the target tab contained privileged content, such as about:config, the dropped javascript link could run arbitrary code on the user's machine.

Workaround

Don't drag and drop opaque links. Disable Javascript.

References