Mozilla security chief confirms data leakage bug in Firefox
Mozilla's chief of security has confirmed a vulnerability that could cause fully patched versions of Firefox to expose a user's private data.
The confirmation, which was posted here by Mozilla's Window Snyder, follows the release of proof-of-concept code by researcher Gerry Eisenhaur.
The bug resides in Firefox's chrome protocol scheme and allows for a directory traversal when certain types of extensions are installed. Attackers could use it to detect if certain programs or files are present on a machine, gaining information to use in perpetrating another, more malicious exploit.
Normally, Firefox's chrome package is restricted to a limited number of directories, but a bug in the way it handles escaped sequences (e.g. %2e%2e%2f) allows attackers to escape those confines and access more sensitive parts of a user's computer.
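The sketch below models one common way an escaped-sequence bug of this kind arises: the path is checked for `..` while still percent-encoded and decoded only afterwards. Beside it is a resolver that decodes once, canonicalises, and then verifies containment. This is an added example, not Mozilla's code or the researcher's proof of concept. The check-before-decode ordering is an assumption, and the package root, function names and sample paths are constructed.

```python
import posixpath
from urllib.parse import unquote

# Constructed layout: content directory of a hypothetical "flat" extension.
PACKAGE_ROOT = "/profile/extensions/example-addon/content"


def resolve_naive(request_path):
    """Flawed order: look for '..' in the still-encoded path, decode afterwards."""
    if ".." in request_path.split("/"):
        return None
    # %2e%2e%2f only turns into ../ here, after the check has already passed.
    decoded = unquote(request_path)
    return posixpath.normpath(posixpath.join(PACKAGE_ROOT, decoded))


def resolve_checked(request_path):
    """Decode once, canonicalise, then confirm the result is still under the root."""
    decoded = unquote(request_path)
    if "\x00" in decoded or decoded.startswith("/"):
        return None  # NUL bytes and absolute paths are never package-relative
    resolved = posixpath.normpath(posixpath.join(PACKAGE_ROOT, decoded))
    # Containment is tested on the canonical form, the same value later used
    # for file access, so no second decoding step can change its meaning.
    if posixpath.commonpath([PACKAGE_ROOT, resolved]) != PACKAGE_ROOT:
        return None
    return resolved


if __name__ == "__main__":
    samples = [                      # constructed request paths
        "overlay.js",
        "skin/../overlay.js",
        "../prefs.js",
        "%2e%2e%2f%2e%2e%2fprefs.js",
    ]
    for s in samples:
        print(f"{s!r:32} naive={resolve_naive(s)!r} checked={resolve_checked(s)!r}")
```
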
The exploit only works if a user has made use of Firefox extensions that are "flat," that is, those that don't package their files in a jar archive. Examples of flat add-ons include Download Statusbar and Greasemonkey.
Mozilla bug squashers have rated the severity as normal and are working on a fix. In the meantime, Firefox users can protect themselves by using the NoScript extension.
As long as an attacking website hasn't been added to a user's list of trusted sites, it should prevent the traversal attacks from working.