Mozilla admits Firefox extension threat
By Matthew Sparkes
Posted on 24 Jan 2008 at 07:58
Mozilla has admitted that a bug in Firefox could allow hackers access to personal data, even if a user is running a fully patched browser.
The vulnerability affects certain extensions, and allows an attacker to probe for files on a user's hard disk.
Some extensions are granted access to specific local directories, but the vulnerability allows code to explore outside of these confines and test for the presence of certain files.
"A visited attacking page is able to load images, scripts, or stylesheets from known locations on the disk. Attackers may use this method to detect the presence of files which may give an attacker information about which applications are installed," says Mozilla security expert, Window Snyder, in a blog post.
This information could give attackers a way to break into a system using known vulnerabilities in other software, warns Snyder.
Users are only at risk if they have one of the "flat" packaged add-ons installed, such as Download Statusbar and Greasemonkey.
Earlier this month it emerged that another security vulnerability in Firefox 18.104.22.168 could be used to trick users into divulging passwords for online services.
- How to get the Windows 10 Technical Preview, plus release date, features and latest news
- Why the Microsoft Band could be a game changer
- Windows 10 trackpad shortcuts: Microsoft takes a leaf out of Apple's book
- Internet tax: what it is and why it failed
- HP's vision for the future of PCs: the 3D Sprout
- Google Glass: mugger bait, pub problem and other lessons learned from two dangerous weeks
- Twitter, please don't fiddle with my feed
- How Satya Nadella can get some pay-raise karma
- Windows 10: a step back to go forward
- Michael Dell: Cloud infrastructure is the roads, bridges and highways of the 21st century
- How to check your identity hasn’t been sold to the hackers
- Tim Cook: this is how much TV has changed since the 70s
- Westminster wins the .London battle
- 20 years of PC Pro: from deep pan pizza to virtualisation
- Five reasons why the Apple Watch leaves me cold
- How to sell more ebooks on Amazon
- 10 ways to make your business more secure
- Top five VoIP mistakes
- How to add in-app purchasing to an iPhone, Android or Windows app
- Remote-control ransomware: TeamViewer and software hardball
- Why laptops with serial ports matter to the Internet of Things
- Make your mobile battery last longer
- Small steps into handling Big Data
- Nexus 5: does it really run stock Android?
- How to get broadband to a garden office