If an attacker can convince a victim to use the "Set As Wallpaper" context
menu item on a specially crafted image then they can run arbitary code on the
eval() statement and such an image would get the "broken image" icon, but with
CSS it could be made transparent and placed on top of a real image.The attacker would have to convince the user to change their desktop background
to the exploit image, and to do so by using the Firefox context menu rather than
first saving the image locally and using the normal mechanism provided by their
operating system.This affects only Firefox 1.0.3 and 1.0.4; earlier versions are unaffected.
The implementation of this feature in the Mozilla Suite is also unaffected.