Mozilla

Mozilla

Mozilla Foundation Security Advisory 2005-31

Arbitrary code execution from Firefox sidebar panel

Announced
March 22, 2005
Reporter
Kohei Yoshino
Risk
Moderate
Impact
Critical
Products
Firefox
Fixed in
  • Firefox 1.0.2

Description

If a user bookmarked a malicious page as a Firefox sidebar panel that page could execute arbitrary programs by opening a privileged page and injecting javascript into it.

Workaround

Do not add sidebar panels. Upgrade to fixed version

References