You are currently viewing a snapshot of www.mozilla.org taken on April 21, 2008. Most of this content is highly out of date (some pages haven't been updated since the project began in 1998) and exists for historical purposes only. If there are any pages on this archive site that you think should be added back to www.mozilla.org, please file a bug.



You are here: Known Vulnerabilities in Mozilla Products (Firefox 2.0.0.6) > MFSA 2007-26

Mozilla Foundation Security Advisory 2007-26

Title: Privilege escalation through chrome-loaded about:blank windows
Impact: Moderate
Announced: July 30, 2007
Reporter: moz_bug_r_a4
Products: Firefox 2.0.0.5, Thunderbird 2.0.0.5, SeaMonkey 1.1.3

Fixed in: Firefox 2.0.0.6
  Thunderbird 2.0.0.6
  Thunderbird 1.5.0.13
  SeaMonkey 1.1.4

Description

Mozilla researcher moz_bug_r_a4 reported that a flaw was introduced by the fix for MFSA 2007-20 that could enable privilege escalation attacks against addons that create "about:blank" windows and populate them in certain ways (including implicit "about:blank" document creation through data: or javascript: URLs in a new window).

Workaround

Any workaround would depend on the addon in question. One addon known to be affected was the Web Developer Toolbar, which was safe in its default configuration but potentially vulnerable to malicious web content if informational windows were opened as separate windows instead of tabs. The workaround for this, then, is to switch back to the default setting.

Other affected addons might not have a workaround other than to upgrade to a fixed version of Firefox.

References