Security researcher, Luke Bryan, reported that file: URIs are given chrome
privileges when opened in the same tab as a chrome page or privileged
about: page. This vulnerability could be used by an attacker to run
determined to be moderate as it requires an attacker to have malicious code
saved locally, then have a user open a chrome: document or privileged
about: URI, and then open the malicious file in the same privileged tab.
This is now public:
xulrunner-18.104.22.168-1.fc9, firefox-3.0.4-1.fc9, epiphany-extensions-2.22.1-5.fc9, epiphany-2.22.2-5.fc9, cairo-dock-22.214.171.124-1.fc9.1, chmsee-1.0.1-6.fc9, devhelp-0.19.1-6.fc9, evolution-rss-0.1.0-4.fc9, galeon-2.0.7-3.fc9, gnome-python2-extras-2.19.1-21.fc9, gnome-web-photo-0.3-15.fc9, google-gadgets-0.10.1-5.fc9.1, gtkmozembedmm-1.4.2.cvs20060817-22.fc9, kazehakase-0.5.6-1.fc9.1, Miro-1.2.7-2.fc9, mozvoikko-0.9.5-4.fc9, mugshot-1.2.2-3.fc9, ruby-gnome2-0.17.0-3.fc9, totem-2.23.2-8.fc9, yelp-2.22.1-6.fc9, seamonkey-1.1.13-1.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report.
This was addressed via:
Red Hat Enterprise Linux version 4 (firefox) RHSA-2008:0978
Red Hat Enterprise Linux version 5 (firefox) RHSA-2008:0978