Mozilla says that flaw could lead to data leak
Posted on 01/24/2008 8:13:34 AM PST by ShadowAce
Mozilla is working to fix a browser flaw that could give attackers unauthorized access to data on a victim's machine.
The problem is similar to other data leakage flaws found in the open-source browser, according to researcher Gerry Eisenhaur, who first reported the problem on Saturday.
"It's also just a powerful way to do recon," he added.
Hackers have discovered a number of flaws in recent months that take advantage of the way that browsers pass information between different components within the Windows operating system. Some of these URI (Uniform Resource Identifier) protocol handler flaws have led to serious security problems for both Firefox and Internet Explorer.
This latest flaw affects only certain Firefox add-ons, such as the Download Statusbar or Greasemonkey, which store scripts in a fashion that lets them be discovered on the hard drive, said Window Snyder, Mozilla's security chief, in a Wednesday blog posting.
Firefox is investigating the issue and has rated it as a low-severity problem, she said.
I still like Firefox over IE.
Great, just great.
“This latest flaw affects only certain Firefox add-ons, such as the Download Statusbar or Greasemonkey,”
I use Firefox but not those add-ons, so no big deal, and besides, I am sure the Mozilla community will close the hole soon.
Time to get rid of my plugins, eh?
I use Greasemonkey just to filter out a certain troll here on FR.
Me neither. I don't use ANY add-ons from FF and I use it over IE every time.
I hate those search bar add-ons like that as a general rule.
It is amazing how fast pages load without the ads.
Thanks for the advice. I'll try that.
I run Firefox in safe mode: no add-ons and less memory usage.
With the tech economy doing pretty well, the “volunteers” these open source products need aren’t so available.
I'm not giving up my FRTrollBlocker Greasemonkey script!
Sounds to me like this attack could give up my list of trolls.
I also use the "noscript" extension, though it is sometimes a PITA, so that helps a bit as well.
Is Thunderbird the FF mail program? I'm still using Eudora but was going to change to TB when I get my new iMac...
Thunderbird is a separate mail program, also produced by Mozilla.
I think I just had a greasemonkey update yesterday, and a noscript today.
I guess those Chinese slaves used to write open source are busy. ;-)
Thanks for the script btw. It's been off for a month but ort seems to be back..
Mozilla has a paid staff as does RedHat and IBM who work on OSS projects..