Privilege escalation through chrome-loaded about:blank windows

2007-07-30T00:00:00
ID MFSA2007-26
Type mozilla
Reporter Mozilla Foundation
Modified 2007-07-30T00:00:00

Description

Mozilla researcher moz_bug_r_a4 reported that a flaw was introduced by the fix for MFSA 2007-20 that could enable privilege escalation attacks against addons that create "about:blank" windows and populate them in certain ways (including implicit "about:blank" document creation through data: or javascript: URLs in a new window).