It seems a data leakage bug has struck Firefox recently and has been confirmed by Window Snyder the security bod at Mozilla.
It’s basically a Chrome directory traversal bug (It seems a lot of the Firefox issues have had to do with chrome?).
It’s rated as low risk, but it can give away the existence of files (if the attacker knows the name and location).
The bug resides in Firefox’s chrome protocol scheme and allows for a directory traversal when certain types of extensions are installed. Attackers could use it to detect if certain programs or files are present on a machine, gaining information to use in perpetrating another, more malicious exploit.
Normally, Firefox’s chrome package is restricted to a limited number of directories, but a bug in the way it handles escaped sequences (i.e. %2e%2e%2f) allows attackers to escape those confines and access more sensitive parts of a user’s computer. The exploit only works if a user has made use of Firefox extensions that are “flat,” this is, those that don’t package their files in a jar archive. Examples of flat add-ons include Download Statusbar and Greasemonkey.
You can protect yourself by using NoScript, which I would guess most of you guys are using already.
The open bug can be found here.
Source: The Register