Hi,
I was reading http://mozillazine.org/talkback.html?article=6582
especially this part: "One of the parameters passed to the software installation method is an icon URL, which can be a piece of JavaScript code. As this JavaScript is executed from the chrome (the browser user interface rather than a Web page), it has 'full chrome privileges' and can do anything that the user running Firefox can. The attacker can therefore pass in some malicious JavaScript and run arbitrary code on the victim's system."
and I was wondering if the patch we use in xpinstallConfirm.js is sufficient already:
var icon = this._param.GetString(++i);
if (icon != "" && !icon.match(/^javascript:/i))
installItem.icon = icon;see also: http://lxr.mozilla.org/seamonkey/source/toolkit/mozapps/xpinstall/content/xpinstallConfirm.js#65
Michael Vincent van Rantwijk. _______________________________________________ Mozilla-xpinstall mailing list Mozilla-xpinstall@mozilla.org http://mail.mozilla.org/listinfo/mozilla-xpinstall
