Slashdot Mirror


Vulnerability In Firefox Popup Blocker

cj writes in with news of a vulnerability in Firefox's stock popup blocker discovered by Michal Zalewski. The vulnerability can allow a malicious user to read files from an affected system. The attacker would "need to plant a predictably named file with exploit code on the target system. This sounds hard, but isn't," according to the article.


  1. Anyone knows if the 2.x tree is vulnerable too? by A beautiful mind · · Score: 5, Informative
    From TFA:

    Vulnerable Systems:
    * Firefox version 1.5.0.9
    Can anyone test?
    --
    It takes a man to suffer ignorance and smile
    Be yourself no matter what they say
    1. Re:Anyone knows if the 2.x tree is vulnerable too? by rainman_bc · · Score: 3, Informative

      Is anyone still running 1.5.0? I thought the auto upgrade had handled that months ago.

      Fedora has no plans to officially release a 2.0 for FC6:

      http://fedoraproject.org/wiki/Firefox2

      "Fedora users will be to stay with Firefox 1.5 and wait for the Firefox 3.0 update"

      That's left me a bit annoyed personally... I like the changes to FF2...

      --
      09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
    2. Re:Anyone knows if the 2.x tree is vulnerable too? by hal9000(jr) · · Score: 3, Informative

      Yep, on Windows. I moved to FF2.0 when it came out, got hosed by Java handling and other stuff, and jumped back to 1.5. I will wait a bit longer before I make the leap again.

  2. Right... by CasperIV · · Score: 4, Informative

    That was quite possibly the most ignorant statement I have read on Slashdot recently. I'm not particularly partial to either Firefox or IE, but exploit for exploit, your statement has no merit. What will be the deciding factor will be how fast it is patched.

  3. Windows only? by jimbobborg · · Score: 5, Informative

    From the fine article:

    "When the user chooses to manually allow a blocked popup however, normal URL permission checks are bypassed."

    So you have to MANUALLY disable the popup blocker on a site you don't know in order to make this work. Also, the article keeps talking about c:\whatever. It does not indicate if this is a vulnerability in a non-Windows system.

    1. Re:Windows only? by Tony Hoyle · · Score: 5, Informative

      From the text it's hardcoded to a specific installation of Windows (not even the default config). It wouldn't work on most systems.

  4. Fixed by Anonymous Coward · · Score: 5, Informative