Home
Home

Directory
Directory

Articles
Internet News
Security News
Ecommerce News
Domain News

Site Tools
Site Speed Test
Keyword Research
Resolve Hostname
DNS Tools
Register Domains
Affiliate Programs
Open Source

Shopping Carts
Cart Reviews
SSL Certificates

Enter your email address to subscribe to our updates:

Delivered by FeedBurner


Venue Charts
Channel Traffic Rankings
OAI Stock Quotes and Charts
eBay's Worst Feedback

Forum
Forum Home
TulipTools News
Advertising
Blogging
Computer Hardware
Domain Names
Ecommerce
Financing
Int'l Trading
Graphics and HTML
Internet Access
Legal Issues
Internet Business
Auction Sites
Classified Ad Sites
Fixed Price Venues
Operating Systems
Programming
Search Engines
Internet Security
Software
Web Hosting
Webmaster Issues
Reviews
Announcements
Off Topic Discussion

Web Hosting
TulipHosting

Domain Names
TulipDomains

Web Stats
TulipStats

Forum Rules
Forum Rules
Privacy Policy

Site Map
Forum Sitemap
Sitemap Topics




Directory| Forums| Internet News|Cart Reviews| DNS Tools| Keyword Research| Site Speed Test| Security| | Domain Marketplace| Domain Blog
TulipTools Internet Business Owners and Online Sellers Community
  • Home
  • Search
  • Member List
  • Calendar
Hello There, Guest! Login Register
TulipTools Internet Business Owners and Online Sellers Community › Operating Systems, Browsers, and Email Clients › Operating Systems, Browsers, and Email Clients and Services › Internet Browsers › Mozilla Browsers: Firefox, Mozilla, Netscape v
1 2 3 Next »

Security Hole: Firefox Popup Blocker Vulnerability Allows Reading of Local Files

  
Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Threaded Mode | Linear Mode
Security Hole: Firefox Popup Blocker Vulnerability Allows Reading of Local Files
02-07-2007, 10:30 AM,
Post: #1
mandy Offline
Administrator
*******
 		Posts: 9,932
Likes Given: 0
Likes Received: 6 in 5 posts
Joined: Feb 2011
Reputation: 0
Security Hole: Firefox Popup Blocker Vulnerability Allows Reading of Local Files
Quote:Vulnerable Systems:
* Firefox version 1.5.0.9

For security reasons, Firefox does not allow Internet-originating websites to access the file:// namespace. When the user chooses to manually allow a blocked popup however, normal URL permission checks are bypassed. The attacker may fool the browser to parse a chosen HTML document stored on the local filesystem, and because Firefox security manager treats all file:/// URLs as having "same origin", such a document could read other local files at its discretion with the use of XMLHttpRequest, and relay that information to a remote server.

Now, to make the attack effective, the attacker would need to plant a predictably named file with exploit code on the target system. This sounds hard, but isn't: Firefox sometimes creates outright deterministic temporary filenames in system-wide temporary directory when opening files with external applications...

full article: http://www.securiteam.com/securitynews/5JP051FKKE.html
Like Post Reply
[+]
« Next Oldest | Next Newest »




Possibly Related Threads…
Thread Author Replies Views Last Post
  Firefox 3 handling of SSL certificates is bad for the Web mandy 0 2,314 08-04-2008, 01:28 PM
Last Post: mandy
  Mozilla Releases Firefox 3 mandy 21 10,090 06-13-2008, 12:09 PM
Last Post: mandy
  Study: Firefox and Opera Users Have Higher IQs Than Internet Explorer Users mandy 0 2,174 05-27-2008, 12:08 PM
Last Post: mandy
  Firefox: Faster Than a Speeding Bullet? BellisimaJ. 0 2,092 04-26-2008, 02:12 PM
Last Post: BellisimaJ.
  Flaw in how Firefox handles log-ons leaves passwords vulnerable to ID thieves mandy 0 2,162 01-05-2008, 10:34 AM
Last Post: mandy
  Mozilla announces Firefox for Mobiles Kristijntje 0 2,719 10-10-2007, 03:20 PM
Last Post: Kristijntje
  Why Firefox is Blocked BellisimaJ. 14 6,484 09-16-2007, 08:35 PM
Last Post: bargainbloodhound
  Password vulnerability in Firefox 2.0.0.5 mandy 0 2,275 07-24-2007, 09:24 AM
Last Post: mandy
  Firefox: 20 tweaks for speeding up page loads, reducing memory drain mandy 1 2,994 05-31-2007, 08:02 AM
Last Post: accentnepal
  Ten Firefox Extensions to Avoid: FasterFox, GreaseMonkey, NoScript, and more Kristijntje 1 4,555 05-28-2007, 01:07 PM
Last Post: BellisimaJ.

  • View a Printable Version
  • Send this Thread to a Friend
  • Subscribe to this thread
Forum Jump:


Users browsing this thread: 1 Guest(s)
  • Contact Us
  • TulipTools Internet Business Owners and Online Sellers Community
  • Return to Top
  • Lite (Archive) Mode
  • RSS Syndication
  • Help
Current time: 03-26-2023, 04:07 PM Powered By MyBB, © 2002-2023 MyBB Group. Theme created by Justin S.
powered by Apache

powered by Linuxpowered by CentOS

Copyright 2000-2013 TulipTools.com. All rights reserved.