Mozilla Foundation Security Advisory 2005-31

Arbitrary code execution from Firefox sidebar panel

Announced

March 22, 2005

Reporter

Kohei Yoshino

Risk

Moderate

Impact

Critical

Products

Firefox

Fixed in

Firefox 1.0.2

Description

If a user bookmarked a malicious page as a Firefox sidebar panel that page could execute arbitrary programs by opening a privileged page and injecting javascript into it.

Workaround

Do not add sidebar panels. Upgrade to fixed version

References

https://bugzilla.mozilla.org/show_bug.cgi?id=284627
CAN-2005-0402

Firefox for Desktop

Firefox for Android

Firefox for iOS

Firefox Focus

Firefox Blog

Release Notes

Mozilla Monitor

Facebook Container

Pocket

Mozilla VPN

Firefox Relay

MDN Plus

Fakespot

Mozilla Manifesto

Mozilla Foundation

Leadership

Get involved

Careers

Mozilla Blog

Impact

Firefox Developer Edition

MDN Web Docs

Mozilla Innovation Projects

Common Voice