Mozilla Firefox contains a flaw that may allow a malicious user to inject script code in the browser environment with the privleges of the locally-logged on user. The issue is triggered when a malicious web site is bookmarked as a sidebar panel. It is possible that the flaw may allow an attacker to run arbitrary code on the victim's machine, resulting in a loss of integrity.

Upgrade to version 1.0.2 or higher, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by implementing the following workaround(s): Do not bookmark untrusted sites as sidebar panels.

• Security Tracker: 1013520
• Bugtraq ID: 12884
• Secunia Advisory ID: 14654 14736
• CVE ID: 2005-0402 (see also: NVD)
• Other Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200503-31.xml
• Vendor Specific Advisory URL: http://www.mozilla.org/security/announce/mfsa2005-31.html
• Vendor Specific News/Changelog Entry: https://bugzilla.mozilla.org/show_bug.cgi?id=284627

• Kohei Yoshino - bugzillaminutedesign.com -