|
-
January 30th, 2008, 04:46 PM
#1
Unpatched Firefox flaw now rated "Highly Severe"
Unpatched Firefox flaw now rated "Highly Severe"
http://blogs.zdnet.com/security/?p=841&tag=nl.e539
Mozilla has given a proof of concept Firefox vulnerability a “high severity” rating because an attacker can collect session information such as cookies and history, according to Mozilla security chief Window Snyder.
Snyder said the vulnerability will be patched with Firefox 2.0.0.12, which will be pushed out “shortly.”
On Jan. 22, Snyder confirmed a proof of concept vulnerability discovered by researcher Gerry Eisenhaur on Jan. 19. Simply put, Firefox leaks information that can allow an attacker to load any javascript file on a machine. This “chrome protocol directory transveral” is in play whenever there are “flat” files–common in add ons–are installed. Chances are good that most Firefox users will have at least a few of these add ons installed. That’s a lot of data leakage.
Similar Threads
-
By Egaladeist in forum Miscellaneous Security Discussions
Replies: 1
Last Post: December 12th, 2005, 12:50 AM
-
By intmon in forum Security News
Replies: 5
Last Post: September 13th, 2005, 07:31 AM
-
By Egaladeist in forum Security News
Replies: 2
Last Post: September 10th, 2005, 06:04 PM
-
By Black Cluster in forum Miscellaneous Security Discussions
Replies: 8
Last Post: June 12th, 2005, 04:18 AM
-
By SDK in forum Spyware / Adware
Replies: 12
Last Post: February 9th, 2005, 08:11 PM
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|
Reply With Quote