To understand why the example works, one must understand the basics of how Firefox works. Everything you see in firefox is essentially a webpage being rendered by a compiler. This is what the gui is made of, and this is why firefox is so easy to customize. However, it also allows for some security bugs. If one could get one of the chrome pages to request a javascript:[script] url, that individual would be given complete access to the system because chrome urls are given full rights in firefox.

The Mozilla Team and Greyhat Security wanted to keep this one under wraps till a fix was available, but as usual the best laid plans etc.

Now the world knows, and how long before unsuspecting people get caught out?

Thankfully, Mozilla have made some changes to their Addons website so that the official site can no longer be involved, but if you add another site (such as extensionmirror) to your whitelist you can be hacked.

Secunia has this to report.

Firefox 1.0.4 will be on its way soon, but before that comes out, if you remove all entries from your whitelist apart from addons.mozilla.org then you should be safe - or you can disable "Allow websites to install software".