The Mozilla user interface components outside of the content area are created using chrome. This includes toolbars, menu bars, progress bars, and window title bars. Chrome provides content, locale, and skin information for the user interface.
Chrome scripts have elevated privileges. Because of the extra privileges, they can perform actions that web scripts cannot. Chrome scripts also do not prompt for permission before executing potentially dangerous commands, such as creating or calling XPCOM components.
A site icon is an icon associated with a particular web site or page. This icon may appear in the address bar or bookmarks of the web browser. A web page can specify a site icon by using the <LINK REL="icon"> or <LINK REL="shortcut icon"> HTML tags.
Mozilla executes script within a LINK tag that specifies a site icon. This script is treated as a chrome script and is therefore granted extra privileges. By granting UniversalXPConnect privileges to itself, a chrome script can gain unrestricted access to browser APIs using XPConnect. A script with these privileges may create and execute arbitrary files on the local filesystem.
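As an added example (not part of the original note and not Mozilla code), the following Python check audits an HTML document for site-icon LINK tags whose attributes could carry script. It assumes the script arrives through a non-HTTP URL scheme in the href attribute or through an event-handler attribute; the allowlist, the names `IconLinkAuditor` and `audit`, and the sample markup are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumed policy: a site icon may only be a relative ("") or HTTP(S) URL.
ALLOWED_SCHEMES = {"", "http", "https"}

# Constructed sample document (not taken from the advisory).
SAMPLE = """<html><head>
<link rel="stylesheet" href="/site.css">
<link rel="shortcut icon" href="/favicon.ico">
<LINK REL="icon" HREF="JavaScript:void(0)">
<link rel="icon" href="https://example.com/i.png" onerror="void(0)">
</head></html>"""


class IconLinkAuditor(HTMLParser):
    """Collect site-icon LINK tags whose attributes could carry script."""

    def __init__(self):
        super().__init__()
        self.findings = []  # (line number, kind, detail)

    def handle_starttag(self, tag, attrs):
        if tag != "link":
            return
        attrs = {name: value or "" for name, value in attrs}
        # Matches both rel="icon" and rel="shortcut icon", case-insensitively.
        if "icon" not in attrs.get("rel", "").lower().split():
            return
        line = self.getpos()[0]
        # Drop whitespace and control characters, which browsers may ignore
        # inside a scheme, before extracting the scheme.
        href = "".join(ch for ch in attrs.get("href", "") if ch > " ")
        scheme = urlsplit(href).scheme.lower()
        if scheme not in ALLOWED_SCHEMES:
            self.findings.append((line, "href scheme", scheme))
        for name in attrs:
            if name.startswith("on"):
                self.findings.append((line, "event handler", name))


def audit(html_text):
    """Return the findings for one HTML document."""
    auditor = IconLinkAuditor()
    auditor.feed(html_text)
    auditor.close()
    return auditor.findings


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

The same check can run in a proxy or a crawler; an empty result means every site-icon link in the document uses an allowed URL form.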
By convincing a user to view an HTML document (e.g., a web page), an attacker could execute arbitrary commands or code with the privileges of the user. The attacker could take any action as the user. If the user has administrative privileges, the attacker could take complete control of the user's system.
Install an update
This vulnerability was disclosed by the Mozilla Foundation, which in turn credits Michael Krax for reporting the information.
This document was written by Will Dormann.
Date First Published: 2005-04-19
Date Last Updated: 2005-08-01 14:13 UTC