You are here: Security Center > Mozilla Foundation Security Advisories > MFSA 2010-20
Mozilla Foundation Security Advisory 2010-20
Title: Chrome privilege escalation via forced URL drag and drop
Impact: Critical
Announced: March 30, 2010
Reporter: Paul Stone
Products: Firefox, SeaMonkey
Fixed in: Firefox 3.6.2
Firefox 3.5.9
Firefox 3.0.19
SeaMonkey 2.0.4
Description
Security researcher Paul Stone reported that a
browser applet could be used to turn a simple mouse click into a
drag-and-drop action, potentially resulting in the unintended loading
of resources in a user's browser. This behavior could be used twice
in succession to first load a privileged chrome:
URL in a
victim's browser, then load a malicious javascript:
URL
on top of the same document resulting in arbitrary script execution
with chrome privileges.