Firefox Address Bar Image Dragging Remote Script Execution Vulnerability

Filed under: — Aviran Mordo

A remote script execution vulnerability affects Mozilla Firefox. The issue is due to the application's failure to properly validate the origin of scripts before executing them when they are loaded into a browser window by dragging JavaScript image URIs into the address bar.

An attacker may leverage this issue to execute arbitrary script code in the context of a target Web site in the browser of an unsuspecting user. This may facilitate cookie-based authentication credential theft as well as other attacks.

This vulnerability affects both Mozilla Firefox 1.0 and the newly updated Mozilla Firefox 1.0.1.

Currently, there is no workaround for this problem.

