The install function in Firefox 1.0.3 allows remote web sites on the browser’s whitelist, such as update.mozilla.org or addon.mozilla.org, to execute arbitrary JavaScript with chrome privileges, leading to arbitrary code execution on the system when combined with vulnerabilities such as CVE-2005-1476, as demonstrated using a javascript: URL as the package icon and a cross-site scripting (XSS) attack on a vulnerable whitelist site.
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt
greyhatsecurity.org/firefox.htm
greyhatsecurity.org/vulntests/ffrc.htm
marc.info/?l=full-disclosure&m=111553138007647&w=2
marc.info/?l=full-disclosure&m=111556301530553&w=2
secunia.com/advisories/15292
securitytracker.com/id?1013913
www.kb.cert.org/vuls/id/648758
www.mozilla.org/security/announce/mfsa2005-42.html
www.redhat.com/support/errata/RHSA-2005-434.html
www.redhat.com/support/errata/RHSA-2005-435.html
www.securityfocus.com/bid/13544
www.securityfocus.com/bid/15495
www.vupen.com/english/advisories/2005/0493
bugzilla.mozilla.org/show_bug.cgi?id=292691
bugzilla.mozilla.org/show_bug.cgi?id=293302
exchange.xforce.ibmcloud.com/vulnerabilities/20443
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100001
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9231