Mozilla Foundation Security Advisory 2005-47
Title: Code execution via "Set as Wallpaper"
Severity: High
Reporter: Michael Krax
Products: Firefox 1.0.3
Fixed in: Firefox 1.0.5
Description
If an attacker can convince a victim to use the "Set As Wallpaper" context
menu item on a specially crafted image, they can run arbitrary code on the
user's computer. The image "source" must be a javascript: URL containing an
eval() statement. Such an image would display the "broken image" icon, but
with CSS it could be made transparent and placed on top of a real image.
This affects only Firefox 1.0.3 and 1.0.4; earlier versions are unaffected.
The implementation of this feature in the Mozilla Suite is also unaffected.
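The root condition above is an image source with a non-image scheme reaching a privileged feature. The following is an added example, not Mozilla's actual fix and not code from the advisory: a scheme allowlist applied to an image source before any privileged use. The function name, the allowlist contents and the sample inputs are assumptions made for illustration.

```javascript
// Added example (hypothetical names): allowlist check for an image source
// before it is handed to a privileged feature such as "Set As Wallpaper".
const ALLOWED_SCHEMES = new Set(["http:", "https:"]);
// Assumption: inline images are accepted only for these base64 raster types.
const ALLOWED_DATA_TYPES = /^data:image\/(png|jpeg|gif|bmp);base64,/i;

function checkImageSource(rawSrc, pageUrl) {
  let url;
  try {
    // Parse instead of prefix-matching the string: the WHATWG URL parser
    // trims surrounding whitespace, drops embedded tabs/newlines and
    // lowercases the scheme, so the check sees what the browser would see.
    url = new URL(rawSrc, pageUrl);
  } catch (e) {
    return { allowed: false, scheme: null, reason: "unparseable URL" };
  }
  const scheme = url.protocol;
  if (ALLOWED_SCHEMES.has(scheme)) {
    return { allowed: true, scheme, reason: "network image" };
  }
  if (scheme === "data:" && ALLOWED_DATA_TYPES.test(url.href)) {
    return { allowed: true, scheme, reason: "inline image data" };
  }
  // Everything else, including javascript:, is refused (default deny).
  return { allowed: false, scheme, reason: "scheme not allowed for images" };
}

// Constructed sample inputs, resolved against a constructed page URL.
const PAGE = "https://example.test/gallery/index.html";
const SAMPLES = [
  "photo.png",
  "https://cdn.example.test/a.jpg",
  "data:image/png;base64,iVBORw0KGgo=",
  "javascript:void(0)",
  "  JaVa\tScRiPt:void(0)",
  "data:text/html,<p>x</p>",
];
for (const s of SAMPLES) {
  const r = checkImageSource(s, PAGE);
  const verdict = r.allowed ? "allow" : "deny";
  console.log(JSON.stringify(s), "->", verdict, `(${r.scheme}, ${r.reason})`);
}
```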
Workaround
Disable JavaScript, or save the image as a file first and then use the OS's
features to make the image your desktop wallpaper.
References
http://www.mikx.de/firewalling/
https://bugzilla.mozilla.org/show_bug.cgi?id=292737