Firelinking: Remote Code Execution via Favicon Functionality

Firelinking: Remote Code Execution via Favicon Functionality

CVE-2005-1155 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

The favicon functionality in Firefox before 1.0.3 and Mozilla Suite before 1.7.7 allows remote attackers to execute arbitrary code via a <LINK rel="icon"> tag with a javascript: URL in the href attribute, aka "Firelinking."

Learn more about our Web Application Penetration Testing UK.