Unpatched Firefox flaw now rated "Highly Severe"
Results 1 to 3 of 3

Thread: Unpatched Firefox flaw now rated "Highly Severe"

  1. #1
    Join Date
    Aug 2001

    Unpatched Firefox flaw now rated "Highly Severe"

    Unpatched Firefox flaw now rated "Highly Severe"


    Mozilla has given a proof of concept Firefox vulnerability a “high severity” rating because an attacker can collect session information such as cookies and history, according to Mozilla security chief Window Snyder.

    Snyder said the vulnerability will be patched with Firefox, which will be pushed out “shortly.”

    On Jan. 22, Snyder confirmed a proof of concept vulnerability discovered by researcher Gerry Eisenhaur on Jan. 19. Simply put, Firefox leaks information that can allow an attacker to load any javascript file on a machine. This “chrome protocol directory transveral” is in play whenever there are “flat” files–common in add ons–are installed. Chances are good that most Firefox users will have at least a few of these add ons installed. That’s a lot of data leakage.

  2. #2
    Priapistic Monk KorpDeath's Avatar
    Join Date
    Dec 2001
    Really? Forget the firefox flaw... the security chief at Mozilla is named Window???? OMG, IT'S A CONSPIRACY, I TELL YA!!!!!
    Mankind have a great aversion to intellectual labor; but even supposing knowledge to be easily attainable, more people would be content to be ignorant than would take even a little trouble to acquire it.
    - Samuel Johnson

  3. #3
    Senior Member
    Join Date
    Dec 2007
    And for the rest who have been living under a rock, snyder was in a senior security position at microsoft before she moved to mozilla...

Similar Threads

  1. OPPS! We made a mistake...no security flaw in Firefox 1.5
    By Egaladeist in forum Miscellaneous Security Discussions
    Replies: 1
    Last Post: December 11th, 2005, 11:50 PM
  2. Unpatched Firefox flaw may expose users
    By intmon in forum Security News
    Replies: 5
    Last Post: September 13th, 2005, 07:31 AM
  3. Mozilla offers temporary fix for Firefox flaw
    By Egaladeist in forum Security News
    Replies: 2
    Last Post: September 10th, 2005, 06:04 PM
  4. Latest Firefox reintroduces 7-year-old security flaw
    By Black Cluster in forum Miscellaneous Security Discussions
    Replies: 8
    Last Post: June 12th, 2005, 04:18 AM
  5. Replies: 13
    Last Post: February 9th, 2005, 07:32 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts