You are here: Security Center > Mozilla Foundation Security Advisories > MFSA 2011-08

Mozilla Foundation Security Advisory 2011-08

Title: ParanoidFragmentSink allows javascript: URLs in chrome documents
Impact: Moderate
Announced: March 1, 2011
Reporter: Roberto Suggi Liverani
Products: Firefox, Thunderbird, SeaMonkey

Fixed in: Firefox 3.6.14
  Firefox 3.5.17
  Thunderbird 3.1.8
  SeaMonkey 2.0.12

Description

Security researcher Roberto Suggi Liverani reported that ParanoidFragmentSink, a class used to sanitize potentially unsafe HTML for display, allows javascript: URLs and other inline JavaScript when the embedding document is a chrome document. While there are no unsafe uses of this class in any released products, extension code could have potentially used it in an unsafe manner.

References