chrome: scheme loading remote content
- July 25, 2006
- Benjamin Smedberg (Mozilla)
- Firefox, SeaMonkey, Thunderbird
- Fixed in
- Firefox 184.108.40.206
- SeaMonkey 1.0.3
- Thunderbird 220.127.116.11
Benjamin Smedberg discovered that chrome URL's could be made to reference remote files, which would run scripts with full privilege. There is no known way for web content to successfully load a chrome: url, but if a user could be convinced to do so manually (perhaps by copying a link and pasting it into the location bar) this could be exploited.
Although Thunderbird shares the browser engine with Firefox it supports no way for a mail message to load a chrome: url or to cause one to be loaded in the browser. It is thus not vulnerable to this flaw. The underlying Thunderbird code has been fixed in 18.104.22.168
Do not copy or drag links from untrusted web content or emails. If you must, make sure it is a normal http:, https:, or ftp: link rather than chrome: or another uncommon type.
Exploit details withheld during the active upgrade period