Mozilla Foundation Security Advisory 2008-51

file: URIs inherit chrome privileges when opened from chrome

Announced
November 12, 2008
Reporter
Luke Bryan
Impact
Moderate
Products
Firefox
Fixed in
  • Firefox 3.0.4

Description

Security researcher Luke Bryan reported that file: URIs are given chrome privileges when opened in the same tab as a chrome page or privileged about: page. This vulnerability could be used by an attacker to run arbitrary JavaScript with chrome privileges. The severity of this issue was determined to be moderate as it requires an attacker to have malicious code saved locally, then have a user open a chrome: document or privileged about: URI, and then open the malicious file in the same privileged tab.

Firefox 2 is not affected by this issue.

References