Mozilla Foundation Security Advisory 2005-49

Title: Script injection from Firefox sidebar panel using data:
Severity: High
Reporter: Kohei Yoshino
Products: Firefox

Fixed in: Firefox 1.0.5


Sites can use the _search target to open links in the Firefox sidebar. A missing security check allows the sidebar to inject data: URLs containing scripts into any page open in the browser. This could be used to steal cookies, passwords or other sensitive data.