Firefox Popup Blocker has security hole

Reads Arbitrary Local Files

By Nick Farrell

Wed Feb 07 2007, 07:38

SECURITY EXPERT Michal Zalewski has found a flaw in the default behaviour of Firefox's built-in popup blocker.

The vulnerability allows an attacker to read arbitrary user-accessible files on the system, and could help them steal some fairly sensitive information.

Writing here, Zalewski said that the problem seems to affect Firefox version 1.5.0.9.

For security reasons, Firefox does not allow Internet-originating websites to access the file:// namespace. When a user allows a blocked popup normal URL, permission checks are bypassed.

All it takes is for the attacker may fool the browser to parse a chosen HTML document stored on the local filesystem. Firefox security manager treats all file:/// URLs as having "same origin", such a document could read other local files at its discretion with the use of XMLHttpRequest, and relay that information to a remote server.

More here. µ

Newly patched Safari flaws pose serious risks A proof-of-concept remote code execution exploit is available Thursday, 13 October 2011, 11:26 AM Read more	Mozilla thinks of blocking Java to mitigate BEAST attack Needs to stop same origin policy bypass Thursday, 29 September 2011, 11:45 AM Read more
Adobe patches critical vulnerabilities in Flash Player Attacks are already seen in the wild Thursday, 22 September 2011, 10:06 AM Read more	Chrome OS users are at risk Browser extensions are bad for you Thursday, 4 August 2011, 14:42 PM Read more
$5,000 of bounties are offered in Metasploit exploit race Google Chrome evades exploiters' attempts Thursday, 16 June 2011, 11:58 AM Read more	Pwn2own hackers finally break into Google Chrome Using a sophisticated exploit Tuesday, 10 May 2011, 12:01 PM Read more

< Previous article| Next article >

Comments

There are no comments submitted yet. Do you have an interesting opinion? Then be the first to post a comment.

INQ White papers

Databases

Network management

Security

Service oriented architecture

Storage

INQ Jobs

Information Security Manag

My client is a well establi...

INQ Poll

Authorities in several countries raided Megaupload recently, shut down all of its services, seized hundreds of servers and arrested several of its executives on criminal charges.

Do you think the move was justified?

Yes, companies should suffer an immediate death penalty upon being accused of copyright infringement.

Yes, the coppers said the company was breaking the law so it must be guilty.

No, the company and the people accused are innocent until proven guilty.

No, the company had millions of customers who have been harmed by having access to their data files cut off.

I don't care, I never used Megaupload anyway.

View other polls

© Incisive Media Investments Limited 2012, Published by Incisive Financial Publishing Limited, Haymarket House, 28-29 Haymarket, London SW1Y 4RX, are companies registered in England and Wales with company registration numbers 04252091 & 04252093

SEARCH :

Site Credentials:

Business & Technology websites:

Business research resources:

Products:

Investment Market IT websites:

Find out what you are worth:

Salary Calculator

Search for a job:

Recruitment Agency A-Z Directory

Accreditations:

Digital Publisher of the Year 2010

Firefox Popup Blocker has security hole

Share this:

RIM Playbook OS 2.0 and Blackberry 7.1 video demo

HP Envy 14 Spectre video demo