Mikx

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 1.0.3 Mozilla Suite versions prior to 1.7.7 **Description** The issue allows remote attackers to execute arbitrary code via a <LINK rel="icon"> tag with a javascript: URL in the `href` attribute. This is related to the favicon functionality. **Recommendations** For Firefox versions prior to 1.0.3, update to version 1.0.3 or later to resolve the issue. For Mozilla Suite versions prior to 1.7.7, update to version 1.7.7 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Firefox version 1.0 **Description** The issue allows remote attackers to bypass the security model by dragging a javascript: or data: URL to a tab, due to the failure of invoking the Javascript Security Manager. This is related to a technique known as "firetabbing." **Recommendations** For Firefox version 1.0, at the moment, there is no information about a newer version that contains a fix for this vulnerability.