Author: Paul Affected Software: Mozilla Firefox 1.0.0, 1.0.1 (tested only on these versions) Risk: Low/Medium A minor security vulnerability exists in the way that Firefox handles cross-domain image dragging. Dragging an image into the address bar will cause Firefox to navigate to the image url even if it is a javascript url and the page to be navigated from is in a different domain than the page on which the image is shown. This may potentially allow attackers to steal cookies, etc. A proof of concept is available at http://greyhatsecurity.org/vulntests/firefox.htm Vendor Reccomendations: Disable dragging images with javascript urls. User Reccomendations: Do not drag images into the address bar. Paul http://greyhatsecurity.org Reproducible: Always Steps to Reproduce:
Havy any bugs been filed upstream about this? This doesn't seem like our issue until we can get a patch from them.
Can't find it, but those are typically hidden until resolution. With the security bug bounty program, you can be sure the discoverer notified the Mozilla team :) As always we should wait for Mozilla to update the known vuln page...
This bug is not really exploitable to do anything, and Mozilla apparently agrees with us since they did not fix it in their recent releases. I propose to close it, reopen if you disagree.