Mozilla Foundation Security Advisory 2005-31

Arbitrary code execution from Firefox sidebar panel

Announced

March 22, 2005

Reporter

Kohei Yoshino

Risk

Moderate

Impact

Critical

Products

Firefox

Fixed in

Firefox 1.0.2

Description

If a user bookmarked a malicious page as a Firefox sidebar panel that page could execute arbitrary programs by opening a privileged page and injecting javascript into it.

Workaround

Do not add sidebar panels. Upgrade to fixed version

References

https://bugzilla.mozilla.org/show_bug.cgi?id=284627
CAN-2005-0402

Firefox for Desktop

Firefox for iOS

Firefox for Android

Firefox Focus

Firefox blog

Mozilla VPN

Mozilla Monitor

Firefox Relay

Pocket

MDN Plus

Fakespot

Thunderbird

About Mozilla

The Mozilla Manifesto

Get Involved

Innovation Projects

Blog

Mozilla Foundation

Mozilla.ai

Mozilla Ventures

Mozilla Advertising