It seems a data leakage bug has struck Firefox recently and has been confirmed by Window Snyder the security bod at Mozilla.
It’s basically a Chrome directory traversal bug (It seems a lot of the Firefox issues have had to do with chrome?).
It’s rated as low risk, but it can give away the existence of files (if the attacker knows the name and location).
The bug resides in Firefox’s chrome protocol scheme and allows for a directory traversal when certain types of extensions are installed. Attackers could use it to detect if certain programs or files are present on a machine, gaining information to use in perpetrating another, more malicious exploit.
Normally, Firefox’s chrome package is restricted to a limited number of directories, but a bug in the way it handles escaped sequences (i.e. %2e%2e%2f) allows attackers to escape those confines and access more sensitive parts of a user’s computer. The exploit only works if a user has made use of Firefox extensions that are “flat,” this is, those that don’t package their files in a jar archive. Examples of flat add-ons include Download Statusbar and Greasemonkey.
You can protect yourself by using NoScript, which I would guess most of you guys are using already.
The open bug can be found here.
Source: The Register
- drozer – The Leading Security Testing Framework For Android
- Twitter Vulnerability Allows Deletion Of Payment Details
- Twitter Bug Bounty Official – Started Paying For Bugs
- Firefox Patches 8 Security Vulnerabilities with 184.108.40.206
- Hackers Exploit Unpatched Firefox 0day Using Nobel Peace Prize Website
- Mozilla Beats Apple & Microsoft to Pwn2Own Patch For Firefox
Most Read in Exploits/Vulnerabilities:
- Learn to use Metasploit – Tutorials, Docs & Videos - 227,559 views
- AJAX: Is your application secure enough? - 119,114 views
- eEye Launches 0-Day Exploit Tracker - 85,060 views