Mozilla products allow chrome URLs to reference remote files. This allows a remote attacker to execute code.
The Mozilla user interface components outside of the content area are created using chrome. This includes toolbars, menu bars, progress bars, and window title bars. Chrome provides content, locale, and skin information for the user interface.
A remote, unauthenticated attacker may be able to execute code on a vulnerable system with the privileges of the user who opened the affected browser or email application.
This vulnerability was reported in Mozilla Foundation Security Advisory 2006-56. Mozilla credits Benjamin Smedberg for reporting this vulnerability.
This document was written by Ryan Giobbi.
|Date First Published:||2006-07-31|
|Date Last Updated:||2007-02-09 14:06 UTC|