Mozilla security chief confirms data leakage bug in Firefox
Help on the way
Posted in Security, 24th January 2008 05:26 GMT
Mozilla's chief of security has confirmed a vulnerability that could cause fully patched versions of Firefox to expose a user's private data.
The confirmation, which was posted by Mozilla's Window Snyder, follows the release of proof-of-concept code by researcher Gerry Eisenhaur.
The bug resides in Firefox's chrome protocol scheme and allows for a directory traversal when certain types of extensions are installed. Attackers could use it to detect if certain programs or files are present on a machine, gaining information to use in perpetrating another, more malicious exploit.
Normally, Firefox's chrome package is restricted to a limited number of directories, but a bug in the way it handles escaped sequences (such as %2e%2e%2f, the URL-encoded form of ../) allows attackers to escape those confines and access more sensitive parts of a user's computer. The exploit only works if a user has installed Firefox extensions that are "flat," that is, those that don't package their files in a jar archive. Examples of flat add-ons include Download Statusbar and Greasemonkey.
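An added example, not taken from the article or from Mozilla's code, that models this class of bug: a resolver that looks for `..` before percent-decoding, beside one that decodes and normalizes first and then checks containment. The root directory, file names and function names are constructed for illustration.

```javascript
// Simplified model of the bug class; not Firefox's chrome resolver.
// PACKAGE_ROOT and all request paths below are constructed sample values.
const PACKAGE_ROOT = "/profile/extensions/sample-flat-addon/chrome";

// Collapse "." and ".." segments of a POSIX-style path.
function normalize(path) {
  const out = [];
  for (const seg of path.split("/")) {
    if (seg === "" || seg === ".") continue;
    if (seg === "..") out.pop();
    else out.push(seg);
  }
  return "/" + out.join("/");
}

// Flawed order: validate the raw string, decode afterwards.
function resolveNaive(requestPath) {
  // The check only ever sees literal ".." segments.
  if (requestPath.split("/").includes("..")) return null;
  // "%2e%2e%2f" turns into "../" here, after the check has already passed.
  const decoded = decodeURIComponent(requestPath);
  return normalize(PACKAGE_ROOT + "/" + decoded);
}

// Hardened order: decode, reject leftovers, normalize, then check containment.
function resolveStrict(requestPath) {
  let decoded;
  try {
    decoded = decodeURIComponent(requestPath);
  } catch (e) {
    return null; // malformed escape sequence
  }
  // Reject NUL bytes and anything that is still percent-encoded (double encoding).
  if (decoded.includes("\0") || /%[0-9a-f]{2}/i.test(decoded)) return null;
  const full = normalize(PACKAGE_ROOT + "/" + decoded);
  const inside = full === PACKAGE_ROOT || full.startsWith(PACKAGE_ROOT + "/");
  return inside ? full : null;
}

// Constructed request that hides three "../" hops behind percent-encoding.
const ENCODED_REQUEST = "content/%2e%2e%2f%2e%2e%2f%2e%2e%2fprefs.js";
console.log("naive :", resolveNaive(ENCODED_REQUEST));
console.log("strict:", resolveStrict(ENCODED_REQUEST));
```

The strict resolver still accepts encoded dot segments that stay inside the package root, because the decision is made on the final normalized path rather than on the spelling of the request.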
Mozilla bug squashers have rated the severity as normal and are working on a fix. In the meantime, Firefox users can protect themselves by using the NoScript extension, which will prevent the traversal attacks from working.
Story updated to correct information about NoScript.

