Firefox updates

**AplusWebMaster** · 2007-03-06, 14:28

Another fix not previously listed:

Mozilla Foundation Security Advisory 2007-09
- http://www.mozilla.org/security/anno...sa2007-09.html
Title: Privilege escalation by setting img.src to javascript: URI
Impact: Critical
Announced: March 5, 2007 ...
Fixed in:
Firefox 2.0.0.2
Firefox 1.5.0.10
SeaMonkey 1.1.1
SeaMonkey 1.0.8
Description: ...The fix for MFSA 2006-72 in Firefox 1.5.0.9 and Firefox 2.0.0.1 introduced a regression that allows scripts from web content to execute arbitrary code by setting the src attribute of an IMG tag to a specially crafted javascript: URI. The same regression also caused javascript: URIs in IMG tags to be executed even if JavaScript execution was disabled in the global preferences... Thunderbird is not affected by this flaw as it will not execute javascript: URIs in IMG tags.
Workaround: Upgrade to a version containing the fix. Disabling JavaScript does not protect against this flaw..."

.

Thread: Firefox updates

Thread Tools

Display

Hybrid View

Posting Permissions