Mozilla Foundation Security Advisory 2010-20

Chrome privilege escalation via forced URL drag and drop

Announced
March 30, 2010
Reporter
Paul Stone
Impact
Critical
Products
Firefox, SeaMonkey
Fixed in
  • Firefox 3.0.19
  • Firefox 3.5.9
  • Firefox 3.6.2
  • SeaMonkey 2.0.4

Description

Security researcher Paul Stone reported that a browser applet could be used to turn a simple mouse click into a drag-and-drop action, potentially resulting in the unintended loading of resources in a user's browser. This behavior could be used twice in succession to first load a privileged chrome: URL in a victim's browser, then load a malicious javascript: URL on top of the same document resulting in arbitrary script execution with chrome privileges.

References