Computing in the real world
SEARCH FOR: IN: Advanced Search
Guest  Level 00    Register Log in

News 

[PSUs]
Thursday 24th January 2008
Mozilla admits Firefox extension threat 7:58AM, Thursday 24th January 2008
Mozilla has admitted that a bug in Firefox could allow hackers access to personal data, even if a user is running a fully patched browser.

The vulnerability affects certain extensions, and allows an attacker to probe for files on a user's hard disk.

Some extensions are granted access to specific local directories, but the vulnerability allows code to explore outside of these confines and test for the presence of certain files.

"A visited attacking page is able to load images, scripts, or stylesheets
 
 
ADVERTISEMENT
from known locations on the disk. Attackers may use this method to detect the presence of files which may give an attacker information about which applications are installed," says Mozilla security expert, Window Snyder, in a blog post.

This information could give attackers a way to break into a system using known vulnerabilities in other software, warns Snyder.

Users are only at risk if they have one of the "flat" packaged add-ons installed, such as Download Statusbar and Greasemonkey.

Earlier this month it emerged that another security vulnerability in Firefox 2.0.0.11 could be used to trick users into divulging passwords for online services.
Matthew Sparkes

Submit to: Digg  |  Slashdot  |  Del.icio.us  |  Technorati

Related News


Back to top
Compare Broadband
Broadband?
Compare 50+ packages
Enter your postcode below:
Powered by:
Top 10 Broadband
› See more News
› See more Hot topics

Columns

Prolog:

Tim Danton believes that we Brits need to become a bit more American to succeed. › See full Opinion
› See more Columns
›  See more Research Papers