The patch status is “The vulnerabilities have been fixed in the CVS repository”, which means the fixes have not been rolled into an official release yet, but should be soon.
“Secunia Advisory: SA14160
Critical: Less critical
Impact: Security Bypass, Cross Site Scripting, Manipulation of data
Where: From remote
Solution Status: Vendor Patch
mikx has discovered three vulnerabilities in Mozilla and Firefox, which can be exploited by malicious people to plant malware on a user’s system, conduct cross-site scripting attacks and bypass certain security restrictions.
1) Mozilla and Firefox validate an image against the “Content-Type” HTTP header, but use the file extension from the URL when saving an image after a drag and drop event. This can e.g. be exploited to plant a valid image with an arbitrary file extension and embedded script code (e.g. .bat file) on the desktop by tricking a user into performing a certain drag and drop event.
2) Missing URI handler validation when dragging a “javascript:” URL to another tab can be exploited to execute arbitrary HTML and script code in a user’s browser session in context of an arbitrary site by tricking a user into dragging a malicious link to another tab.
3) An error in the restriction of URI handlers loaded via plugins can be exploited to link to certain restricted URIs (e.g. about:config).
This can further be exploited to trick a user into changing some sensitive configuration settings.
The vulnerabilities have been confirmed in Mozilla 1.7.5 and Firefox 1.0. Other versions may also be affected.
Solution:
The vulnerabilities have been fixed in the CVS repository.”
Full article: Secunia Advisory: SA14160
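The first two items in the advisory share one root cause: the browser trusts a value the page controls (the URL's file extension, or the scheme of a dragged link) at the point where it acts on it. The snippet below is an added illustration of the defensive checks that close that gap; it is not Mozilla's code and not taken from the advisory. The function names (`safeSaveName`, `isDroppableLink`), the small allowlist of image media types and the sample URLs are all constructed for the example. The idea is that the saved filename's extension is derived only from the Content-Type the image was already validated against, and that a link dropped onto another tab is loaded only if its scheme is http or https.

```javascript
// Added example (not Mozilla code): derive the saved filename's extension from
// the validated Content-Type rather than from the URL, and refuse to load
// javascript:/about:/data: links that are dragged onto another tab.

// Constructed allowlist: the only media types we are willing to save as images.
const IMAGE_EXTENSIONS = {
  "image/png": "png",
  "image/jpeg": "jpg",
  "image/gif": "gif",
};

// Extract the media type from a Content-Type header value
// ("image/jpeg; charset=binary" -> "image/jpeg").
function mediaType(contentType) {
  return String(contentType || "").split(";")[0].trim().toLowerCase();
}

// Build the filename to save a dragged image under. The extension comes only
// from the Content-Type the image was validated against; the URL contributes a
// base name with every extension and any unsafe character stripped, so
// "pic.png.bat" served as image/png is saved as "pic.png", never "pic.png.bat".
function safeSaveName(url, contentType) {
  const ext = IMAGE_EXTENSIONS[mediaType(contentType)];
  if (!ext) throw new Error("refusing to save: not a recognised image type");

  let base;
  try {
    base = new URL(url).pathname.split("/").pop() || "";
  } catch {
    base = ""; // unparseable URL: fall back to a generic name below
  }
  base = base
    .split(".")[0]                      // drop every URL-supplied extension
    .replace(/[^A-Za-z0-9_-]/g, "_")   // keep only conservative characters
    .slice(0, 64);
  if (!base) base = "image";
  return `${base}.${ext}`;
}

// Decide whether a link dragged onto another tab may be navigated to.
// Only http(s) URLs are accepted; javascript:, about:, data: and anything
// that does not parse are refused, so the drop cannot run script in the
// context of the page already open in that tab.
function isDroppableLink(href) {
  let u;
  try {
    u = new URL(href);
  } catch {
    return false;
  }
  return u.protocol === "http:" || u.protocol === "https:";
}

// Stand-alone demonstration on constructed inputs.
if (typeof require !== "undefined" && require.main === module) {
  console.log(safeSaveName("http://example.test/pic.bat", "image/png"));      // pic.png
  console.log(isDroppableLink("javascript:void(0)"));                          // false
  console.log(isDroppableLink("https://example.test/"));                       // true
}
```

A download routine built this way cannot be steered into writing a `.bat` file, because the extension is never read from the URL at all; and a drop handler built on `isDroppableLink` treats a scheme it does not recognise as a rejection rather than as something to hand to a URI handler.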