1/24/2008

Mozilla security chief confirms data leakage bug in Firefox

Filed under: — By Aviran Mordo @ 11:35 am

Mozilla’s chief of security has confirmed a vulnerability that could cause fully patched versions of Firefox to expose a user’s private data.

The confirmation, which was posted here by Mozilla’s Window Snyder, follows the release of proof-of-concept code by researcher Gerry Eisenhaur.

The bug resides in Firefox’s chrome protocol scheme and allows for a directory traversal when certain types of extensions are installed. Attackers could use it to detect if certain programs or files are present on a machine, gaining information to use in perpetrating another, more malicious exploit.

Normally, Firefox’s chrome package is restricted to a limited number of directories, but a bug in the way it handles escaped sequences (i.e. ../) allows attackers to escape those confines and access more sensitive parts of a user’s computer. The exploit only works if a user has made use of Firefox extensions that are “flat,” this is, those that don’t package their files in a jar archive. Examples of flat add-ons include Download Statusbar and Greasemonkey.

 

Leave a Reply

You must have Javascript enabled in order to submit comments.

All fields are optional (except comment).
Some comments may be held for moderation (depends on spam filter) and not show up immediately.
Links will automatically get rel="nofollow" attribute to deter spammers.

Powered by WordPress