Escalation of privilege with Javascript: URL as home page

ID MFSA2012-16
Type mozilla
Reporter Mozilla Foundation
Modified 2012-03-13T00:00:00


Security researcher Mariusz Mlynski reported that an attacker able to convince a potential victim to set a new home page by dragging a link to the "home" button can set that user's home page to a javascript: URL. Once this is done the attacker's page can cause repeated crashes of the browser, eventually getting the script URL loaded in the privileged about:sessionrestore context.