Mozilla Foundation Security Advisory 2005-37
Title: Code execution through javascript: favicons
Severity: Critical
Reporter: Michael Krax
Products: Firefox, Mozilla Suite
Fixed in: Firefox 1.0.3
Mozilla Suite 1.7.7
Description
Firefox and the Mozilla Suite support custom "favicons" through the <LINK rel="icon"> tag. If a link tag is added to the page programmatically and a javascript: URL is used, then script will run with elevated privileges and could run or install malicious software.
Workaround
Disable JavaScript.
References
http://www.mikx.de/firelinking/
https://bugzilla.mozilla.org/show_bug.cgi?id=290036
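Added example (not part of the advisory and not Mozilla's fix): the class of check that addresses the issue in the Description, a scheme allowlist applied to the parsed icon URL before anything loads it. The function names, the http/https allowlist and the sample records are assumptions made for illustration.

```javascript
// Added example: scheme allowlist for favicon URLs (all names are hypothetical).
const ALLOWED_ICON_SCHEMES = new Set(["http:", "https:"]);

// True when the rel attribute contains the "icon" token,
// e.g. "icon", "ICON" or "shortcut icon".
function isIconRel(rel) {
  return String(rel || "").toLowerCase().split(/\s+/).includes("icon");
}

// Resolve href against the page URL with the standard URL parser, then check
// the scheme of the *parsed* result rather than the raw string, so that case
// changes, leading spaces and embedded tabs/newlines cannot hide the scheme.
// Returns the absolute URL string, or null when the link must not be loaded.
function resolveIconHref(href, pageUrl) {
  let url;
  try {
    url = new URL(String(href), pageUrl);
  } catch (e) {
    return null; // unparsable input: fail closed
  }
  return ALLOWED_ICON_SCHEMES.has(url.protocol) ? url.href : null;
}

// Audit {rel, href} records and return the icon links that were rejected.
function rejectedIconLinks(links, pageUrl) {
  return links.filter(
    (l) => isIconRel(l.rel) && resolveIconHref(l.href, pageUrl) === null
  );
}

// Constructed sample input (not taken from the advisory).
const SAMPLE_PAGE = "https://example.test/blog/post.html";
const SAMPLE_LINKS = [
  { rel: "icon", href: "/favicon.ico" },
  { rel: "shortcut icon", href: "https://cdn.example.test/i.png" },
  { rel: "ICON", href: "javascript:void(0)" },
  { rel: "icon", href: "  JaVa\tScRiPt:void(0)" },
  { rel: "stylesheet", href: "javascript:void(0)" }, // not an icon link
];

console.log(rejectedIconLinks(SAMPLE_LINKS, SAMPLE_PAGE).map((l) => l.href));
```

The check runs on every icon link regardless of whether it came from markup or was inserted by script, since the advisory's case is the programmatically added tag.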