Software Engineering Institute

Mozilla Firefox can accept links from external applications, such as Flash and Quicktime. When such an application attempts to open a link, it is sent to the default web browser. The default configuration for Firefox is to open links from other applications in the most recent tab or window. When Firefox receives a javascript: URI from an external application, it will execute within the security context of the page currently displayed by the browser, thus creating a cross-domain violation.

If Firefox is displaying a privileged chrome: URI, then the external application could cause Firefox to execute arbitrary code.

For more information, please refer to Mozilla Foundation Security Advisory 2005-53. This vulnerability affects Firefox versions prior to 1.0.5 and Netscape 8 versions prior to 8.0.3.1. Other web browsers based on Mozilla Firefox may also be affected.

By convincing a user to open a specially crafted media file, an attacker may be able to execute arbitrary code on a vulnerable system. Other applications that have the ability to send URIs to Firefox may also be used to trigger the vulnerability. Additional impacts are similar to cross-site scripting attacks, as described in CERT Advisory CA-2000-02.

Upgrade
This vulnerability is addressed in Firefox 1.0.5 and Netscape 8.0.3.1 and later.

According to Mozilla Foundation Security Advisory 2005-53, the following workaround will mitigate this vulnerability.

Set the browser to open external links in a new tab or new window.

1. Open the Options dialog from the Tools menu
2. Select the Advanced icon in the left panel
3. Open the "Tabbed Browsing" group
4. Set "Open links from other applications in:" to either new tab or new window