SECURITYVULNS:DOC:23552

Mozilla Foundation Security Advisory 2010-13

2010-04-06 00:00:00
vulners.com

Title: Content policy bypass with image preloading
Impact: Moderate
Announced: March 23, 2010
Reporter: Josh Soref, Nokia
Products: Firefox 3.6

Fixed in: Firefox 3.6.2
Description

Mozilla developer Josh Soref of Nokia reported that documents failed to call certain security checks when attempting to preload images. Although the image content is not available to the page, it is possible to specify protocols that are normally not allowed in a web page, such as file:. This includes internal schemes implemented by add-ons that might perform privileged actions, resulting in something like a Cross-Site Request Forgery (CSRF) attack against the add-on. The potential severity would depend on the add-ons installed.
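The bug class described above, as an added illustration that is not part of the advisory or of Firefox's code: a browser's content-policy gate (modelled here as shouldLoadImage) has to be consulted on every load path, and a speculative preloader that skips it lets a web page reference schemes the normal loader would refuse. The allowed-scheme list, the sample HTML and the "myaddon:" scheme are constructed for this example.

```javascript
// Schemes a web page (http/https origin) may reference for images (constructed list).
const WEB_IMAGE_SCHEMES = new Set(["http", "https", "data"]);

// Extract the URL scheme (RFC 3986: ALPHA *( ALPHA / DIGIT / "+" / "-" / "." ))
// in lower case, or null for a relative URL. Leading whitespace is ignored.
function schemeOf(url) {
  const m = /^\s*([a-z][a-z0-9+.\-]*):/i.exec(url);
  return m ? m[1].toLowerCase() : null;
}

// Central policy check: may a document at originUrl load an image from url?
function shouldLoadImage(originUrl, url) {
  const origin = schemeOf(originUrl);
  const target = schemeOf(url) ?? origin; // a relative URL inherits the origin scheme
  if (origin === "http" || origin === "https") {
    return WEB_IMAGE_SCHEMES.has(target);
  }
  return true; // privileged (non-web) origins are out of scope for this model
}

// Pull src attributes from <img> tags in an HTML fragment (double-quoted only).
function imgSources(html) {
  return [...html.matchAll(/<img\b[^>]*\bsrc\s*=\s*"([^"]*)"/gi)].map(m => m[1]);
}

// Vulnerable preloader: speculatively requests every src without the gate,
// so file: and add-on schemes are fetched from a web page.
function preloadVulnerable(originUrl, html) {
  return imgSources(html);
}

// Fixed preloader: same speculative scan, but each src goes through the same
// gate the normal image loader uses.
function preloadFixed(originUrl, html) {
  return imgSources(html).filter(src => shouldLoadImage(originUrl, src));
}

// Constructed sample page mixing allowed and disallowed image sources.
const SAMPLE_HTML = `
<img src="https://example.test/a.png">
<img src="file:///tmp/local.png">
<img src="myaddon://privileged-action">
<img src="/relative.png">
<img src="  HTTPS://example.test/b.png">`;
```

Running both preloaders over SAMPLE_HTML from an https: origin shows the vulnerable path requesting all five sources while the fixed path drops the file: and myaddon: entries.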
References

* https://bugzilla.mozilla.org/show_bug.cgi?id=540642
* CVE-2010-0168