Skip to navigation

PCPro-Computing in the Real World Printed from www.pcpro.co.uk

Register to receive our regular email newsletter at http://www.pcpro.co.uk/registration.

The newsletter contains links to our latest PC news, product reviews, features and how-to guides, plus special offers and competitions.

Latest News

Mozilla admits Firefox extension threat

 
Gallery

Posted on 24 Jan 2008 at 07:58

Mozilla has admitted that a bug in Firefox could allow hackers access to personal data, even if a user is running a fully patched browser.

The vulnerability affects certain extensions, and allows an attacker to probe for files on a user's hard disk.

Some extensions are granted access to specific local directories, but the vulnerability allows code to explore outside of these confines and test for the presence of certain files.

"A visited attacking page is able to load images, scripts, or stylesheets from known locations on the disk. Attackers may use this method to detect the presence of files which may give an attacker information about which applications are installed," says Mozilla security expert, Window Snyder, in a blog post.

This information could give attackers a way to break into a system using known vulnerabilities in other software, warns Snyder.

Users are only at risk if they have one of the "flat" packaged add-ons installed, such as Download Statusbar and Greasemonkey.

Earlier this month it emerged that another security vulnerability in Firefox 2.0.0.11 could be used to trick users into divulging passwords for online services.

Author: Matthew Sparkes

Be the first to comment this article

You need to Login or Register to comment.

(optional)

advertisement

Most Commented News Stories
Latest Blog Posts Subscribe to our RSS Feeds
Latest Reviews Subscribe to our RSS Feeds
Latest Real World Computing

advertisement

Sponsored Links
 
SEARCH
SIGN UP

Your email:

Your password:

remember me

Create an account

advertisement


Hitwise Top 10 Website 2008