Mozilla Foundation Security Advisory 2009-04

Chrome privilege escalation via local .desktop files

Announced: February 3, 2009
Reporter: Georgi Guninski
Impact: Moderate
Products: Firefox
Fixed in: Firefox 3.0.6

Description

Mozilla security researcher Georgi Guninski reported that the fix for MFSA 2008-47, an earlier vulnerability reported by Liu Die Yu in which local internet shortcut files were used to access other sites, could be bypassed by redirecting to a privileged about: URI such as about:plugins. If an attacker could get a victim to download two files, a malicious HTML file and a .desktop shortcut file, the HTML document could load a privileged chrome document via the shortcut, and both documents would be treated as same-origin. An attacker could potentially use this vulnerability to inject arbitrary code into the chrome document and execute it with chrome privileges. Because this attack has relatively high complexity, the severity of this issue was determined to be moderate.
