Mozilla Foundation Security Advisory 2005-55

Title: XHTML node spoofing
Severity: High
Reporter: moz_bug_r_a4
Products: Firefox, Mozilla Suite

Fixed in: Firefox 1.0.5
  Mozilla Suite 1.7.9

Description

Parts of the browser UI relied too heavily on DOM node names, without taking different namespaces into account or verifying that the node was really of the expected type. For example, an XHTML document could create fake elements with content-defined properties that would be accessed as if they were the trusted built-in properties of the expected HTML elements.

The severity of the vulnerability would depend on what the attacker could convince the victim to do, but could result in executing user-supplied script with elevated "chrome" privileges. This could be used to install malicious software on the victim's machine.
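
The name-only check described above, next to a namespace-aware one, as an added illustration that is not Mozilla's code. Plain objects stand in for DOM nodes, and all function names, sample values and the example.invalid namespace are constructed assumptions.

```javascript
// Added illustration; not Mozilla's code. Plain objects stand in for DOM nodes
// so the comparison runs outside a browser.
const XHTML_NS = "http://www.w3.org/1999/xhtml";

// Constructed sample nodes (hypothetical values).
const genuineImg = {
  nodeName: "img", localName: "img", namespaceURI: XHTML_NS,
  src: "https://example.invalid/photo.png",
};
// Same node name, foreign namespace; "src" here is set by page content.
const lookalike = {
  nodeName: "img", localName: "img", namespaceURI: "http://example.invalid/ns",
  src: "content-defined value",
};
const paragraph = { nodeName: "p", localName: "p", namespaceURI: XHTML_NS };

// Weak: trusts the name alone, so a node from any namespace passes.
function isImageByName(node) {
  return node.nodeName.toLowerCase() === "img";
}

// Stricter: the name must match AND the node must be in the XHTML namespace.
function isXhtmlImage(node) {
  return node.namespaceURI === XHTML_NS && node.localName === "img";
}

// Read a property only after the node type has been verified.
function trustedImageSrc(node) {
  return isXhtmlImage(node) ? node.src : null;
}

// List nodes the name-only check accepts but the namespace-aware check rejects.
function misclassified(nodes) {
  return nodes.filter((n) => isImageByName(n) && !isXhtmlImage(n));
}
```

In browser code, an `instanceof` test against the expected element interface is another way to verify the node type before reading its properties.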

Workaround

Disable JavaScript.

References

https://bugzilla.mozilla.org/show_bug.cgi?id=298892