Code execution via "Set as Wallpaper"
- July 12, 2005
- Michael Krax
- Fixed in
- Firefox 1.0.5
The attacker would have to convince the user to change their desktop background to the exploit image, and to do so by using the Firefox context menu rather than first saving the image locally and using the normal mechanism provided by their operating system.
This affects only Firefox 1.0.3 and 1.0.4; earlier versions are unaffected. The implementation of this feature in the Mozilla Suite is also unaffected.
To use an image as your desktop background save it as a file first and then use the operating system's features to make the image your desktop wallpaper.