It seems a data leakage bug has struck Firefox recently and has been confirmed by Window Snyder the security bod at Mozilla.
It’s basically a Chrome directory traversal bug (It seems a lot of the Firefox issues have had to do with chrome?).
It’s rated as low risk, but it can give away the existence of files (if the attacker knows the name and location).
The bug resides in Firefox’s chrome protocol scheme and allows for a directory traversal when certain types of extensions are installed. Attackers could use it to detect if certain programs or files are present on a machine, gaining information to use in perpetrating another, more malicious exploit.
Normally, Firefox’s chrome package is restricted to a limited number of directories, but a bug in the way it handles escaped sequences (i.e. %2e%2e%2f) allows attackers to escape those confines and access more sensitive parts of a user’s computer. The exploit only works if a user has made use of Firefox extensions that are “flat,” this is, those that don’t package their files in a jar archive. Examples of flat add-ons include Download Statusbar and Greasemonkey.
You can protect yourself by using NoScript, which I would guess most of you guys are using already.
The open bug can be found here.
Source: The Register
- Pinterest Bug Bounty Program Starts Paying
- Rowhammer – DDR3 Exploit – What You Need To Know
- Santoku Linux – Mobile Forensics, Malware Analysis, and App Security Testing LiveCD
- Firefox Patches 8 Security Vulnerabilities with 220.127.116.11
- Hackers Exploit Unpatched Firefox 0day Using Nobel Peace Prize Website
- Mozilla Beats Apple & Microsoft to Pwn2Own Patch For Firefox
Most Read in Exploits/Vulnerabilities:
- Learn to use Metasploit – Tutorials, Docs & Videos - 229,926 views
- AJAX: Is your application secure enough? - 119,453 views
- eEye Launches 0-Day Exploit Tracker - 85,214 views