TulipTools Internet Business Owners and Online Sellers Community

Full Version: Security Hole: Firefox Popup Blocker Vulnerability Allows Reading of Local Files
Quote:
Vulnerable Systems:
* Firefox version 1.5.0.9

For security reasons, Firefox does not allow Internet-originating websites to access the file:// namespace. When the user chooses to manually allow a blocked popup, however, normal URL permission checks are bypassed. The attacker may fool the browser into parsing a chosen HTML document stored on the local filesystem, and because the Firefox security manager treats all file:/// URLs as having "same origin", such a document could read other local files at its discretion with the use of XMLHttpRequest, and relay that information to a remote server.

Now, to make the attack effective, the attacker would need to plant a predictably named file with exploit code on the target system. This sounds hard, but isn't: Firefox sometimes creates outright deterministic temporary filenames in the system-wide temporary directory when opening files with external applications...

full article: http://www.securiteam.com/securitynews/5JP051FKKE.html
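
Added example, not part of the quoted advisory and not Firefox code: a small JavaScript model of the two checks the quote turns on, namely running the load check on the user-approved popup path with the requesting page as the source, and not treating every file: URL as one origin. All class and function names, the `strictFile` flag and the URLs are constructed for illustration.

```javascript
// Simplified model, constructed for illustration; not Firefox source code.
const scheme = (url) => new URL(url).protocol;

// Load check: a document that did not come from file: may not open a file: URL.
function mayLoad(source, target) {
  return !(scheme(target) === "file:" && scheme(source) !== "file:");
}

// Origin comparison. strictFile=false models the behaviour in the quote
// (all file: URLs share one origin); strictFile=true makes each file its own origin.
function sameOrigin(a, b, strictFile) {
  const ua = new URL(a), ub = new URL(b);
  if (ua.protocol === "file:" && ub.protocol === "file:") {
    return strictFile ? ua.pathname === ub.pathname : true;
  }
  return ua.origin === ub.origin;
}

class PopupBlocker {
  constructor({ recheckOnAllow }) {
    this.recheckOnAllow = recheckOnAllow;
    this.blocked = [];
  }
  // A page asks for a popup without a user gesture: queue it, remembering who asked.
  request(source, target) {
    this.blocked.push({ source, target });
    return this.blocked.length - 1;
  }
  // The user chooses to show the blocked popup. The user's click approves showing
  // a window; it must not stand in for the URL permission check.
  allow(id) {
    const { source, target } = this.blocked[id];
    if (this.recheckOnAllow && !mayLoad(source, target)) {
      return { opened: false, reason: "load check failed for requesting page" };
    }
    return { opened: true, url: target };
  }
}

// Constructed sample: a web page requests a popup pointing at a local file.
function popupOpens(recheckOnAllow) {
  const blocker = new PopupBlocker({ recheckOnAllow });
  const id = blocker.request("http://site.example/page.html",
                             "file:///tmp/constructed-name.html");
  return blocker.allow(id).opened;
}

console.log("check skipped on allow path:", popupOpens(false)); // popup opens
console.log("check enforced on allow path:", popupOpens(true)); // popup refused
```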