Mozilla Firefox does not properly enforce domain restrictions on content sent by external applications, allowing a remote attacker to execute code on a vulnerable system.
If Firefox is displaying a privileged chrome: URI, then the external application could cause Firefox to execute arbitrary code.
By convincing a user to open a specially crafted media file, an attacker may be able to execute arbitrary code on a vulnerable system. Other applications that have the ability to send URIs to Firefox may also be used to trigger the vulnerability. Additional impacts are similar to cross-site scripting attacks, as described in CERT Advisory CA-2000-02.
Netscape 8 is configured by default to open external links in new tabs, which prevents exploitation of this vulnerability.
This vulnerability was reported in Mozilla Foundation Security Advisory 2005-53 . Mozilla credits Michael Krax for providing information regarding this issue.
|Date First Published:||2005-08-02|
|Date Last Updated:||2005-08-15 12:50 UTC|