It seems a data leakage bug has struck Firefox recently and has been confirmed by Window Snyder the security bod at Mozilla.
It’s basically a Chrome directory traversal bug (It seems a lot of the Firefox issues have had to do with chrome?).
It’s rated as low risk, but it can give away the existence of files (if the attacker knows the name and location).
The bug resides in Firefox’s chrome protocol scheme and allows for a directory traversal when certain types of extensions are installed. Attackers could use it to detect if certain programs or files are present on a machine, gaining information to use in perpetrating another, more malicious exploit.
Normally, Firefox’s chrome package is restricted to a limited number of directories, but a bug in the way it handles escaped sequences (i.e. %2e%2e%2f) allows attackers to escape those confines and access more sensitive parts of a user’s computer. The exploit only works if a user has made use of Firefox extensions that are “flat,” this is, those that don’t package their files in a jar archive. Examples of flat add-ons include Download Statusbar and Greasemonkey.
You can protect yourself by using NoScript, which I would guess most of you guys are using already.
The open bug can be found here.
Source: The Register
Recent in Exploits/Vulnerabilities:
- Target CIO Beth Jacob Resigns After Huge Breach
- 2 Different Hacker Groups Exploit The Same IE 0-Day
- Researchers Crack 4096-bit RSA Encryption With a Microphone
- Firefox Patches 8 Security Vulnerabilities with 18.104.22.168
- Hackers Exploit Unpatched Firefox 0day Using Nobel Peace Prize Website
- Mozilla Beats Apple & Microsoft to Pwn2Own Patch For Firefox
Most Read in Exploits/Vulnerabilities:
- Learn to use Metasploit – Tutorials, Docs & Videos - 224,576 views
- AJAX: Is your application secure enough? - 118,892 views
- eEye Launches 0-Day Exploit Tracker - 84,984 views