Slashdot Mirror

← Back to Stories (view on slashdot.org)

Vulnerability In Firefox Popup Blocker

Posted by kdawson on from the all-your-files dept.

cj writes in with news of a vulnerability in Firefox's stock popup blocker discovered by Michal Zalewski. The vulnerability can allow a malicious user to read files from an affected system. The attacker would "need to plant a predictably named file with exploit code on the target system. This sounds hard, but isn't," according to the article.

4 of 100 comments (clear)

  1. Anyone knows if the 2.x tree is vulnerable too? by A+beautiful+mind · · Score: 5, Informative
    From TFA:

    Vulnerable Systems:
    * Firefox version 1.5.0.9
    Can anyone test?
    --
    It takes a man to suffer ignorance and smile
    Be yourself no matter what they say
  2. Windows only? by jimbobborg · · Score: 5, Informative

    From the fine article:

    "When the user chooses to manually allow a blocked popup however, normal URL permission checks are bypassed. "

    So you have to MANUALLY disable the popup blocker on a site you don't know in order to make this work. Also, the article keeps talking about c:\whatever. It does not indicate if this is a vulnerability in a non-Windows system.

    1. Re:Windows only? by Tony+Hoyle · · Score: 5, Informative

      From the text it's hardcoded to a specific installation of Windows (not even the default config). It wouldn't work on most systems.

  3. Fixed by Anonymous Coward · · Score: 5, Informative

    Already fixed: https://bugzilla.mozilla.org/show_bug.cgi?id=36942 7