News 

The vulnerability affects certain extensions, and allows an attacker to probe for files on a user's hard disk.

Some extensions are granted access to specific local directories, but the vulnerability allows code to explore outside of these confines and test for the presence of certain files.

"A visited attacking page is able to load images, scripts, or stylesheets

ADVERTISEMENT

from known locations on the disk. Attackers may use this method to detect the presence of files which may give an attacker information about which applications are installed," says Mozilla security expert, Window Snyder, in a blog post.

This information could give attackers a way to break into a system using known vulnerabilities in other software, warns Snyder.

Users are only at risk if they have one of the "flat" packaged add-ons installed, such as Download Statusbar and Greasemonkey.

Earlier this month it emerged that another security vulnerability in Firefox 2.0.0.11 could be used to trick users into divulging passwords for online services.