Mozilla

Mozilla Foundation Security Advisory 2005-55

XHTML node spoofing

Announced
July 12, 2005
Reporter
moz_bug_r_a4
Impact
High
Products
Firefox, Mozilla Suite
Fixed in
  • Firefox 1.0.5
  • Mozilla Suite 1.7.10

Description

Parts of the browser UI relied too much on DOM node names without taking different namespaces into account and verifying that nodes really were of the expected type. An XHTML document could be used to create fake <IMG> elements, for example, with content-defined properties that the browser would access as if they were the trusted built-in properties of the expected HTML elements.

The severity of the vulnerability would depend on what the attacker could convince the victim to do, but could result in executing user-supplied script with elevated "chrome" privileges. This could be used to install malicious software on the victim's machine.

Workaround

References