Firefox popup exploit allows file snooping

A vulnerability in Firefox's popup blocker software creates a means to read files from affected systems, security researchers warn. The flaw, coupled with some tricksy coding, establishes a mechanism for hackers to read user-accessible files on vulnerable system, thereby creating a means to swipe sensitive information. Firefox version 1.5.0.9 is known to be exposed to the exploit. Other versions of the popular web surfing package might also be affected.

The vulnerability was discovered by security researcher Michal Zalewski who said the exploit relies in part on the fact that normal URL permission checks, which would stop remote sites from accessing a user's filespace, are bypassed when a user chooses to manually allow a blocked popup.

View: The full story
News source: The Reg

Report a problem with article
Previous Story

Hackers Sift Gaming, Social Networking Sites for Victims

Next Story

ITN On makes early use of Windows upgrade

3 Comments

Commenting is disabled on this article.

Wait, so the exploit only occurs when I manually open a popup that was already blocked? Like theres any chance of me doing that much anyway on a site I don't trust. I don't see this as a big deal.

What about 2.0? It's the easiest version to test, because it's right there on www.getfirefox.com... Yet still, no comment is made about it. Maybe they tried it and it didn't work, but still they chose not to say so to make the story more sensationalist?

And who allows popups on illegitimate sites anyway?