Mozilla confirms new "proof-of-concept" exploit exists in Firefox
By Jonathan Schlaffer
No computer that is connected to the Internet is fully immune to all types of attacks, no matter what browser or security software is running. Mozilla has confirmed a new vulnerability in fully patched versions of Firefox that could allow a malicious web page to load JavaScript files from known locations on the user's disk.
Mozilla's head of security, Window Snyder, explains the bug on the Security Blog:
When a chrome package is “flat” rather than contained in a .jar the directory traversal allows escaping the extensions directory and reading files in a predictable location on the disk. Many add-ons are packaged in this way.
A visited attacking page is able to load images, scripts, or stylesheets from known locations on the disk. Attackers may use this method to detect the presence of files which may give an attacker information about which applications are installed. This information may be used to profile the system for a different kind of attack.
Some extensions may store information in JavaScript files and an attacker may be able to retrieve those. Greasemonkey user scripts may be retrieved using this method. Session storage and preferences are not readable through this technique.
Users are only at risk if they have one of the “flat” packaged add-ons installed. Examples of popular add-ons that are vulnerable include Download Statusbar and Greasemonkey.
Mozilla does not yet consider this a serious threat and has opened a bug on it. HiredHacker has posted proof-of-concept code.
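Since exposure depends on whether an installed add-on registers its chrome content as a "flat" directory rather than inside a .jar, a practical check is to audit the profile's extensions directory. The following script is an added example and is not part of the original article or Mozilla's own tooling. It assumes the Firefox chrome.manifest format, in which a line such as content <package> <uri> registers a chrome package and the <uri> is either a directory relative to the manifest (flat) or a jar: URL such as jar:chrome/foo.jar!/content/ (jarred); skin and locale lines carry one extra name field before the URI. The sample manifests in main() are constructed for illustration.

```python
"""Audit a Firefox profile's extensions for "flat" chrome packages.

Added example (hypothetical tool), not code from the article or from
Mozilla. Assumes the chrome.manifest format:
    content <package> <uri> [flags...]
    skin    <package> <skinname> <uri> [flags...]
    locale  <package> <localename> <uri> [flags...]
A <uri> beginning with "jar:" points into a .jar; anything else maps a
chrome:// path straight onto a directory on disk (a flat package).
"""
import os
import tempfile
from dataclasses import dataclass


@dataclass
class ChromeRegistration:
    extension: str   # directory name of the add-on (normally its ID)
    kind: str        # "content", "skin" or "locale"
    package: str     # chrome package name, e.g. chrome://<package>/...
    uri: str         # where the package's files live

    @property
    def is_flat(self) -> bool:
        # Jarred registrations use a jar: URL; everything else is flat.
        return not self.uri.lower().startswith("jar:")


# Index of the URI field for each registration kind that maps chrome://
# paths to files. Other directives (overlay, resource, component, ...)
# do not expose a directory and are ignored.
_URI_INDEX = {"content": 2, "skin": 3, "locale": 3}


def parse_manifest(extension: str, text: str) -> list:
    """Return every content/skin/locale registration found in manifest text."""
    regs = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        idx = _URI_INDEX.get(fields[0])
        if idx is None or len(fields) <= idx:
            continue
        regs.append(ChromeRegistration(extension, fields[0], fields[1], fields[idx]))
    return regs


def flat_packages(extension: str, text: str) -> list:
    """Registrations that expose a directory (not a .jar) under chrome://."""
    return [r for r in parse_manifest(extension, text) if r.is_flat]


def scan_extensions_dir(root: str) -> list:
    """Walk <profile>/extensions and collect flat registrations from each add-on."""
    found = []
    for name in sorted(os.listdir(root)):
        manifest = os.path.join(root, name, "chrome.manifest")
        if os.path.isfile(manifest):
            with open(manifest, encoding="utf-8", errors="replace") as fh:
                found.extend(flat_packages(name, fh.read()))
    return found


def main() -> None:
    # Constructed sample profile: one flat add-on and one jarred add-on.
    samples = {
        "flat-addon@example.invalid": (
            "content flatpkg chrome/content/\n"
            "skin flatpkg classic/1.0 chrome/skin/\n"
        ),
        "jarred-addon@example.invalid": (
            "# everything lives inside the jar\n"
            "content jarpkg jar:chrome/jarpkg.jar!/content/\n"
            "locale jarpkg en-US jar:chrome/jarpkg.jar!/locale/en-US/\n"
        ),
    }
    with tempfile.TemporaryDirectory() as root:
        for ext_id, text in samples.items():
            os.makedirs(os.path.join(root, ext_id))
            with open(os.path.join(root, ext_id, "chrome.manifest"), "w") as fh:
                fh.write(text)
        for reg in scan_extensions_dir(root):
            print(f"FLAT  {reg.extension}: {reg.kind} {reg.package} -> {reg.uri}")


if __name__ == "__main__":
    main()
```

Point scan_extensions_dir at a real profile's extensions directory to list every add-on whose chrome content is served straight from a directory; those are the add-ons the advisory's "flat" warning applies to, and repackaging them into a .jar (or removing them) closes the exposure on that profile.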
January 23rd, 2008
If you’re using “NoScript,” you’re fine, regardless of whether you are using a .jar add-on or a flat add-on.