FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

firefox -- arbitrary code execution from sidebar panel

Affected packages
	firefox	<	1.0.2,1
	linux-firefox	<	1.0.2

Details

VuXML ID	741f8841-9c6b-11d9-9dbe-000a95bc6fae
Discovery	2005-03-03
Entry	2005-03-24

A Mozilla Foundation Security Advisory states:

If a user bookmarked a malicious page as a Firefox sidebar panel that page could execute arbitrary programs by opening a privileged page and injecting javascript into it.

[source]

References

CVE Name	CVE-2005-0402
URL	http://www.mozilla.org/security/announce/mfsa2005-31.html