FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

firefox -- arbitrary code execution from sidebar panel

Affected packages
firefox < 1.0.2,1
linux-firefox < 1.0.2

Details

VuXML ID 741f8841-9c6b-11d9-9dbe-000a95bc6fae
Discovery 2005-03-03
Entry 2005-03-24

A Mozilla Foundation Security Advisory states:

If a user bookmarked a malicious page as a Firefox sidebar panel that page could execute arbitrary programs by opening a privileged page and injecting javascript into it.

References

CVE Name CVE-2005-0402
URL http://www.mozilla.org/security/announce/mfsa2005-31.html