Slashdot Mirror

← Back to Stories (view on slashdot.org)

Vulnerability In Firefox Popup Blocker

Posted by kdawson on from the all-your-files dept.

cj writes in with news of a vulnerability in Firefox's stock popup blocker discovered by Michal Zalewski. The vulnerability can allow a malicious user to read files from an affected system. The attacker would "need to plant a predictably named file with exploit code on the target system. This sounds hard, but isn't," according to the article.

1 of 100 comments (clear)

  1. bullshit by tomstdenis · · Score: 1, Troll

    Firefox/mozilla/etc run as your user. At most this would be able to infect my user, not the system. Even in windows, if you don't run as root it should be the same deal.

    This exploit requires you to download the exploit code then, click on a link with file:/// with CTRL down (to turn off popup blocking). Sounds less like an exploit of firefox and more of the stupid user who runs things.

    Tom

    --
    Someday, I'll have a real sig.