A few hours after the release, a hacker has discovered the flaw, where he recommends using the NoScript plugin. In the mean time you can either use another browser, or install the NoScript plugin to mitigate these issues.
"Don't patch vulnerabilities for fifty percent, take the time and fix the cause. Because directory traversal through plugins is all nice and such, we don't need it. We can trick Firefox itself in traversing directories back. I found another information leak that is very serious because we are able to read out all preferences set in Firefox, or just open or include about every file stored in the Mozilla program files directory, and this without any mandatory settings or plugins.," said Ronald van den Heetkamp to Mozilla.
A proof of concept is available at this web site https://www.0x000000.com
8 Comments - Add comment