Mozilla Foundation Security Advisory 2010-13
Content policy bypass with image preloading
- Announced
- March 23, 2010
- Reporter
- Josh Soref, Nokia
- Impact
- Moderate
- Products
- Firefox
- Fixed in
- 
        - Firefox 3.6.2
 
Description
Mozilla developer Josh Soref of Nokia reported that
documents failed to call certain security checks when attempting to
preload images.  Although the image content is not available to the page, it
is possible to specify protocols that are normally not allowed in a web page
such as file:. This includes internal schemes implemented by
add-ons that might perform privileged actions resulting in something like a
Cross-Site Request Forgery (CSRF) attack against the add-on. Potential severity
would depend on the add-ons installed.