Skip to navigation
Latest News

Mozilla admits Firefox extension threat

By Matthew Sparkes

Posted on 24 Jan 2008 at 07:58

Mozilla has admitted that a bug in Firefox could allow hackers access to personal data, even if a user is running a fully patched browser.

The vulnerability affects certain extensions, and allows an attacker to probe for files on a user's hard disk.

Some extensions are granted access to specific local directories, but the vulnerability allows code to explore outside of these confines and test for the presence of certain files.

"A visited attacking page is able to load images, scripts, or stylesheets from known locations on the disk. Attackers may use this method to detect the presence of files which may give an attacker information about which applications are installed," says Mozilla security expert, Window Snyder, in a blog post.

This information could give attackers a way to break into a system using known vulnerabilities in other software, warns Snyder.

Users are only at risk if they have one of the "flat" packaged add-ons installed, such as Download Statusbar and Greasemonkey.

Earlier this month it emerged that another security vulnerability in Firefox could be used to trick users into divulging passwords for online services.

Subscribe to PC Pro magazine. We'll give you 3 issues for £1 plus a free gift - click here
Be the first to comment this article

You need to Login or Register to comment.



Most Commented News Stories
Latest Blog Posts Subscribe to our RSS Feeds
Latest ReviewsSubscribe to our RSS Feeds
Latest Real World Computing


Sponsored Links

Your email:

Your password:

remember me


Hitwise Top 10 Website 2010

PCPro-Computing in the Real World Printed from

Register to receive our regular email newsletter at

The newsletter contains links to our latest PC news, product reviews, features and how-to guides, plus special offers and competitions.