Security researcher David James reported that a content window which is opened by a chrome window retains a reference to the chrome window via the window.opener property. Using this reference, content in the new window can access functions inside the chrome window, such as eval, and use these functions to run arbitrary JavaScript code with chrome privileges. In a stock Mozilla browser a remote attacker cannot cause these application dialogs to appear, nor automatically load the attack code that takes advantage of this flaw in window.opener. There may be add-ons which open potentially hostile web content in this way, and combined with such an add-on the severity of this flaw could be upgraded to Critical.
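The following is an added illustration, not code from the advisory or from Mozilla: a minimal JavaScript model of the window.opener back-reference the advisory describes, together with an audit helper that answers the question an add-on author would want to ask before loading untrusted content into a window opened from chrome code. The function and property names (makeChromeWindow, openContentWindow, privilegedEvalReachable, the privileged marker) are constructed for this example; in a real browser the dangerous member is the chrome window's own eval, and the defensive pattern modelled by severOpener is clearing the opener reference before content loads.

```javascript
// Constructed model of the opener back-reference (example code, not Mozilla's).

// A stand-in for a chrome (privileged) window. The eval property is tagged so
// the audit helper can recognise "a function that runs with chrome privileges".
function makeChromeWindow() {
  const chromeEval = (src) => `chrome-privileged eval ran: ${src}`;
  chromeEval.privileged = true;
  return { privileged: true, eval: chromeEval };
}

// Open a content window from a chrome window. By default the new window keeps a
// reference to its opener (the behaviour the advisory describes). With
// severOpener: true the reference is cleared before any untrusted content could
// follow it back into the chrome window.
function openContentWindow(chromeWin, { severOpener = false } = {}) {
  const contentWin = { privileged: false, opener: chromeWin };
  if (severOpener) {
    contentWin.opener = null; // hypothetical mitigation: drop the back-reference
  }
  return contentWin;
}

// Audit check: can code running in contentWin reach a privileged eval by walking
// opener links? Returns the property path as an array, or null when unreachable.
function privilegedEvalReachable(contentWin) {
  const path = [];
  let w = contentWin;
  while (w) {
    if (typeof w.eval === 'function' && w.eval.privileged) {
      return [...path, 'eval'];
    }
    path.push('opener');
    w = w.opener;
  }
  return null;
}

// Stand-alone demonstration: leaky window vs. window with the opener severed.
const chrome = makeChromeWindow();
console.log(privilegedEvalReachable(openContentWindow(chrome)));                        // [ 'opener', 'eval' ]
console.log(privilegedEvalReachable(openContentWindow(chrome, { severOpener: true }))); // null
```

The helper walks only the opener chain; real windows expose other paths (parent frames, returned handles), so in an actual audit it is the pattern, not the exhaustiveness, that carries over: whatever reference the untrusted window retains to privileged code is the capability that turns this Moderate flaw into a Critical one.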