Mozilla Foundation Security Advisory 2010-23

Image src redirect to mailto: URL opens email editor

Announced: March 30, 2010
Reporter: Henry Sudhof
Impact: Low
Products: Firefox, SeaMonkey
Fixed in:
  • Firefox 3.5.9
  • Firefox 3.6.2
  • SeaMonkey 2.0.4

Description

phpBB developer Henry Sudhof reported that when an image tag points to a resource that redirects to a mailto: URL, the external mail handler application is launched. This issue poses no security threat to users but could create an annoyance when browsing a site that allows users to post arbitrary images.

This issue has not been fixed in Firefox 3.0.
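A site that accepts user-posted images can screen the redirect chain on its own side. The following is an added example, not code from the advisory, Mozilla or phpBB; the function `checkImageUrl`, the `lookup` callback and the redirect table are hypothetical, and the table is constructed sample data standing in for live HTTP responses.

```javascript
// Constructed sample data: request URL -> Location header of a 3xx reply,
// or null for a final (non-redirect) response. All hosts are placeholders.
const SAMPLE_REDIRECTS = {
  "http://img.example/cat.png": null,
  "http://img.example/hop1": "http://img.example/hop2",
  "http://img.example/hop2": "mailto:someone@example.com",
  "http://img.example/rel": "/cat.png",
  "http://img.example/loop": "http://img.example/loop",
};

// Schemes an image fetch may legitimately end on; anything else would be
// handed to an external protocol handler such as the mail client.
const ALLOWED_SCHEMES = new Set(["http:", "https:"]);

// Walk the redirect chain of a user-submitted image URL and stop at the first
// hop with a disallowed scheme. `lookup(url)` (hypothetical) returns the
// Location value of a redirect, or null when the response is final.
function checkImageUrl(startUrl, lookup, maxHops = 5) {
  let current;
  try {
    current = new URL(startUrl);
  } catch {
    return { ok: false, reason: "unparseable URL", chain: [] };
  }
  const chain = [];
  for (let hop = 0; hop <= maxHops; hop++) {
    if (!ALLOWED_SCHEMES.has(current.protocol)) {
      return { ok: false, reason: `scheme ${current.protocol} not allowed`, chain };
    }
    chain.push(current.href);
    const location = lookup(current.href);
    if (location == null) return { ok: true, reason: "final response", chain };
    try {
      current = new URL(location, current); // resolves relative Location values
    } catch {
      return { ok: false, reason: "unparseable Location", chain };
    }
  }
  return { ok: false, reason: "too many redirects", chain };
}

// Offline stand-in for an HTTP client that does not follow redirects itself.
const sampleLookup = (url) => SAMPLE_REDIRECTS[url] ?? null;
```

A check made when the post is submitted cannot see a redirect that the remote host adds afterwards, so it complements the browser fix rather than replacing it.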
