Mozilla Foundation Security Advisory 2009-04
Chrome privilege escalation via local .desktop files
- Announced: February 3, 2009
- Reporter: Georgi Guninski
- Impact: Moderate
- Products: Firefox
- Fixed in: Firefox 3.0.6

Description
Mozilla security researcher Georgi Guninski reported
that the fix for an earlier vulnerability, reported by Liu Die Yu, in which local
internet shortcut files could be used to access other sites
(MFSA 2008-47), could be bypassed
by redirecting to a privileged about: URI such as
about:plugins.
If an attacker could get a victim to
download two files, a malicious HTML file and a .desktop shortcut
file, they could have the HTML document load a privileged chrome document
via the shortcut and both documents would be treated as same origin.
This vulnerability could potentially be used by an attacker to inject
arbitrary code into the chrome document and execute it with chrome
privileges. Because this attack has relatively high complexity, the
severity of this issue was determined to be moderate.
References
- https://bugzilla.mozilla.org/show_bug.cgi?id=460425
- CVE-2009-0356
- MFSA 2008-47: Information stealing via local shortcut files