Firefox executes JavaScript in normal bookmarks

Michal Zalewski, a browser security specialist, has published a demo that reveals a weak point in the way Firefox 1.5 and 2.0 process bookmarks. JavaScript contained in a bookmark is executed in the context of the site currently displayed rather than in the context of the site the bookmark is meant to open. Attackers can exploit this hole to copy a victim's cookies and misuse them for their own purposes.

While this has been possible for some time with bookmarklets, they first have to be imported into a bookmark collection via the context menu (right mouse button); they cannot simply be added via the bookmark option or Control-D. With Zalewski's method, however, the bookmark containing JavaScript can be added in this way. Users think they are bookmarking a normal site and do not realize that they have actually added a bookmarklet.

heise Security - News - Firefox executes JavaScript in normal bookmarks

Linked by shanmuga Friday, 23rd February 2007 7:54PM
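
A defensive check for the situation described above, as an added example that is not from the original article or from Zalewski's demo: it audits a bookmarks export in the Netscape bookmark HTML format (the format Firefox 1.5 and 2.0 use for bookmarks.html) and lists entries whose URL carries script instead of pointing at a site. The set of flagged schemes, the function names and the sample export are assumptions constructed for illustration.

```python
from html.parser import HTMLParser

# Assumed set of schemes that run script or carry inline content.
ACTIVE_SCHEMES = {"javascript", "data", "vbscript"}

def scheme_of(url):
    # Browsers tolerate surrounding whitespace and embedded tab/newline in a scheme.
    cleaned = "".join(ch for ch in url if ch not in "\t\r\n").strip()
    head, sep, _ = cleaned.partition(":")
    return head.lower() if sep else ""

class BookmarkAuditor(HTMLParser):
    """Collects (title, href) for bookmarks whose URL uses an active scheme."""
    def __init__(self):
        super().__init__()      # attribute values arrive entity-decoded
        self.flagged = []
        self._href = None       # href of the <A> currently open, if any
        self._title = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._title = []

    def handle_data(self, data):
        if self._href is not None:
            self._title.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            if scheme_of(self._href) in ACTIVE_SCHEMES:
                self.flagged.append(("".join(self._title).strip(), self._href))
            self._href = None

def audit(html_text):
    parser = BookmarkAuditor()
    parser.feed(html_text)
    parser.close()
    return parser.flagged

# Constructed sample export; titles and URLs are illustrative only.
SAMPLE = """<!DOCTYPE NETSCAPE-Bookmark-file-1>
<DL><p>
    <DT><A HREF="http://www.example.com/" ADD_DATE="1172000000">Example news</A>
    <DT><A HREF="JavaScript:void(0)" ADD_DATE="1172000001">Looks like a normal page</A>
    <DT><A HREF="https://www.example.org/a?x=1:2">Another site</A>
</DL><p>"""

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Entries the audit reports can then be reviewed and deleted from the bookmark collection if they were not added deliberately as bookmarklets.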