Alanjstr

Name of the Vulnerable Software and Affected Versions: Firefox version 1.0.3 Description: The issue allows remote web sites on the browser's whitelist to execute arbitrary Javascript with chrome privileges. This can lead to arbitrary code execution on the system when combined with other vulnerabilities. The exploitation can be demonstrated using a javascript: URL as the package icon and a cross-site scripting (XSS) attack on a vulnerable whitelist site. Recommendations: For Firefox version 1.0.3, consider restricting access to the `install` function until a patch is available. As a temporary workaround, avoid using the `javascript:` URL scheme for package icons to minimize the risk of exploitation.