Mozilla Foundation Security Advisory 2009-04

Chrome privilege escalation via local .desktop files

Announced

February 3, 2009

Reporter

Georgi Guninski

Impact

Moderate

Products

Firefox

Fixed in

Firefox 3.0.6

Description

Mozilla security researcher Georgi Guninski reported that the fix for an earlier vulnerability reported by Liu Die Yu using local internet shortcut files to access other sites (MFSA 2008-47) could be bypassed by redirecting to a privileged about: URI such as about:plugins. If an attacker could get a victim to download two files, a malicious HTML file and a .desktop shortcut file, they could have the HTML document load a privileged chrome document via the shortcut and both documents would be treated as same origin. This vulnerability could potentially be used by an attacker to inject arbitrary code into the chrome document and execute with chrome privileges. Because this attack has relatively high complexity, the severity of this issue was determined to be moderate.

References

https://bugzilla.mozilla.org/show_bug.cgi?id=460425
CVE-2009-0356
MFSA 2008-47: Information stealing via local shortcut files

Firefox for Desktop

Firefox for Android

Firefox for iOS

Firefox Focus

Firefox Blog

Release Notes

Mozilla Monitor

Facebook Container

Pocket

Mozilla VPN

Firefox Relay

MDN Plus

Fakespot

Mozilla Manifesto

Mozilla Foundation

Leadership

Get involved

Careers

Mozilla Blog

Impact

Firefox Developer Edition

MDN Web Docs

Mozilla Innovation Projects

Common Voice

Mozilla Foundation Security Advisory 2009-04

Chrome privilege escalation via local .desktop files

Description

References