Mozilla products allows the src attribute in an img element to be changed to a JavaScript URI

Overview

Mozilla products contain a cross-site scripting vulnerability due to a vulnerability in the way IMG elements are loaded.

Description

A vulnerability in the way Mozilla products load IMG elements in a frame may cause a cross-site script injection. According to Mozilla Foundation Security Advisory 2006-72:

… the src attribute of an IMG element loaded in a frame could be changed to a javascript: URI that was able to bypass the protections against cross-site script (XSS) injection. The injected script could steal credentials and financial data, or perform destructive actions on behalf of a logged-in user.

---

Impact

By convincing a victim to view an HTML document (web page), an attacker could evaluate script in a different security domain than the one containing the attacker’s document. The attacker could read or modify data in other web sites (read cookies/content, modify/create content, etc.). If the script is evaluated with chrome privileges, an attacker could execute arbitrary commands on the user’s system.

---

Solution

Apply an update

According to the Mozilla Foundation Security Advisory 2006-72, this vulnerability is addressed in Firefox 2.0.0.1, Firefox 1.5.0.9, Thunderbird 1.5.0.9, and SeaMonkey 1.0.7.

---

Disable JavaScript

For instructions on how to disable JavaScript in Firefox, please refer to the Firefox section of the Securing Your Web Browser document.

---

Vendor Information

405092

Filter by status: All Affected Not Affected Unknown

Filter by content: __ Additional information available

__ Sort by: Status Alphabetical

Expand all

Javascript is disabled. Click here to view vendors.

Debian GNU/Linux __ Affected

Updated: March 05, 2007

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Refer to DSA-1258-1.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23405092 Feedback>).

Mozilla __ Affected

Updated: December 21, 2006

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Refer to Mozilla Foundation Security Advisory 2006-72.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23405092 Feedback>).

CVSS Metrics

Group	Score	Vector
Base
Temporal
Environmental

References

• <http://www.mozilla.org/security/announce/2006/mfsa2006-72.html&gt;
• <https://bugzilla.mozilla.org/show_bug.cgi?id=351370&gt;
• <http://secunia.com/advisories/23591/&gt;
• <http://secunia.com/advisories/23598/&gt;
• <http://secunia.com/advisories/23439/&gt;
• <http://secunia.com/advisories/23545/&gt;
• <http://secunia.com/advisories/23601/&gt;
• <http://secunia.com/advisories/23614/&gt;
• <http://secunia.com/advisories/23618/&gt;
• <http://secunia.com/advisories/23692/&gt;
• <http://www.securityfocus.com/bid/21668&gt;
• <http://secunia.com/advisories/23988/&gt;

Acknowledgements

This vulnerability was reported in Mozilla Foundation Security Advisory 2006-72. Mozilla credits moz_bug_r_a4 with providing information about this issue.

This document was written by Chris Taschner.

Other Information

CVE IDs:	CVE-2006-6503
Severity Metric:	10.26 Date Public: