+++ This bug was initially created as a clone of Bug #155114 +++ Firefox 1.0.3 has been released. The following issues have been fixed http://www.mozilla.org/projects/security/known-vulnerabilities.html MFSA 2005-33 Javascript "lambda" replace exposes memory contents CAN-2005-0989 MFSA 2005-34 javascript: PLUGINSPAGE code execution CAN-2005-0752 MFSA 2005-35 Showing blocked javascript: popup uses wrong privilege context MFSA 2005-36 Cross-site scripting through global scope pollution MFSA 2005-37 Code execution through javascript: favicons MFSA 2005-38 Search plugin cross-site scripting MFSA 2005-39 Arbitrary code execution from Firefox sidebar panel II MFSA 2005-40 Missing Install object instance checks MFSA 2005-41 Privilege escalation via DOM property overrides I'll fill in the rest of the CVE id's when they arrive.
There's a working, public proof of concept code creating arbitrary file in user's home directory for MFSA 2005-37 http://www.mikx.de/firelinking/ which can be trivially modified by a script kiddie to execute arbitrary commands, for example by writing a .bash_profile file. Please release a security update when possible.
We released a firefox-1.0.3 update a few days ago. It is still affected by this problem? In my testing it isn't.
You did. I'm sorry. I didn't notice because the advisory was not sent to fedora-announce mailing list: https://www.redhat.com/archives/fedora-announce-list/2005-April/date.html
Fixed in latest release of firefox