Sales
0161 215 3700
0800 458 4545
Support
0800 230 0032
0161 215 3711

Firefox bug could expose users' personal data

Firefox bug could expose users' personal data

A flaw in the way the Firefox and Opera browsers handle an image file could allow attackers to see what websites users have visited.

The problem concerns how the two browsers handle a ".BMP," or bitmap, image file, according to an advisory written by Gynvael Coldwind of Vexillium, who posted a video illustrating the problem.

A malicious bitmap file can be created that pulls other information from the browsers' memory. Some of the information that can be captured is random, but at other times could be valuable, the advisory said.

"The harvested data contains various information including parts of other websites, users' favorites and history and other information," Vexillium said.

Using the "canvas" HTML tag supported by the browsers, an attacker can capture the data. Then, using JavaScript, the information can be sent to a remote server.

The flaw could also crash Firefox. The vulnerability affects Firefox 2.0.0.11 and previous versions of that browser as well as the beta version of Opera 9.50.


print this article

Return to internet news headlines
View Internet News Archive

Share with: