Mozilla Foundation Security Advisory 2005-43
Title: "Wrapped" javascript: urls bypass security checks
Severity: Critical
Reporter: Michael Krax, Georgi Guninski, L. David Baron
Products: Firefox, Mozilla Suite
Fixed in: Firefox 1.0.4, Mozilla Suite 1.7.8
Description
Some security checks intended to prevent script injection were incorrect and could be bypassed by wrapping a javascript: url in the view-source: pseudo-protocol. Michael Krax demonstrated that a variant of his favicon exploit could still execute arbitrary code, and the same technique could also be used to perform cross-site scripting.

Georgi Guninski demonstrated the same flaw wrapping javascript: urls with the jar: pseudo-protocol.

L. David Baron discovered a nested variant that defeated checks in the script security manager.
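
The following added example (not Mozilla's code, and not the fix that shipped) contrasts a check that looks only at a URL's outermost scheme with one that unwraps the view-source: and jar: wrappers named above, including nested combinations, before deciding. The function names, the MAX_DEPTH bound and the sample URLs are assumptions constructed for illustration.

```javascript
// Added illustration; not Mozilla's code. All names and sample URLs are constructed.
const WRAPPERS = ["view-source", "jar"]; // wrapper schemes named in this advisory
const BLOCKED = ["javascript"];
const MAX_DEPTH = 8; // assumed nesting bound; anything deeper is rejected

// Lower-cased scheme of a URL string, or null when there is none.
function schemeOf(url) {
  const m = /^([a-z][a-z0-9+.-]*):/i.exec(url.trim());
  return m ? m[1].toLowerCase() : null;
}

// Flawed pattern: judges the URL by its outermost scheme only.
function outerSchemeCheck(url) {
  return !BLOCKED.includes(schemeOf(url));
}

// Peel one layer: "view-source:<inner>" or "jar:<inner>!/<entry>".
function unwrapOnce(url, scheme) {
  const rest = url.trim().slice(scheme.length + 1);
  if (scheme !== "jar") return rest;
  const bang = rest.lastIndexOf("!/");
  return bang === -1 ? rest : rest.slice(0, bang);
}

// Schemes from outermost to innermost, or null when nesting exceeds MAX_DEPTH.
function schemeChain(url) {
  const chain = [];
  let cur = url;
  for (let depth = 0; depth <= MAX_DEPTH; depth++) {
    const s = schemeOf(cur);
    if (s === null) return chain;
    chain.push(s);
    if (!WRAPPERS.includes(s)) return chain;
    cur = unwrapOnce(cur, s);
  }
  return null;
}

// Hardened pattern: every layer must pass, and over-deep nesting fails closed.
function nestedSchemeCheck(url) {
  const chain = schemeChain(url);
  return chain !== null && !chain.some((s) => BLOCKED.includes(s));
}

for (const u of ["view-source:javascript:void(0)", "jar:http://example.com/a.jar!/i.html"]) {
  console.log(u, outerSchemeCheck(u), nestedSchemeCheck(u));
}
```
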
Workaround
Disable JavaScript.
References
Bug and exploit details withheld until May 18, 2005
- https://bugzilla.mozilla.org/show_bug.cgi?id=290949
- https://bugzilla.mozilla.org/show_bug.cgi?id=290982
- https://bugzilla.mozilla.org/show_bug.cgi?id=291150
- https://bugzilla.mozilla.org/show_bug.cgi?id=293671