Some joker just posted "Firefox 22.214.171.124 code execution exploit" on
Bugtraq with the body:
try this with Firefox 126.96.36.199
That link is the URL field from bug 334341 for which Secunia posted an
advisory on April 18.
bug 334341: https://bugzilla.mozilla.org/show_bug.cgi?id=334341
SA 19698: http://secunia.com/advisories/19698/
Because of the inflammatory subject ("Code execution") we may get
queries about this. It's not a new issue, refer back to secunia's
advisory. This has been patched and the fix will be released in the
upcoming Firefox 188.8.131.52 as can be seen in the bug. The latest 184.108.40.206
schedule is posted publicly on the wiki:
key facts about the bug:
* victim would have to right-click and select "view image"
on the broken image -- not a common thing to do.
* the attacker can only refer to files *already* on the victim's
machine in known locations. The attacker cannot supply arbitrary code
* We will not run files with an executable extension
* By default we ask the user if they want to run the external
handler, but for common media types the user
may have previously selected to open without asking and some
plugins install themselves as handlers.
Any "code execution" would require knowing an exploitable flaw in a
commonly-installed media handler, and if you knew one of those you could
exploit it directly off the web with an image, <embed> tag or "click
here" link. You would not futz around trying to save it on the user's
disk first and then try to convince the victim to do the uncommon
right-click "view image" action on it.