Firefox 2.0.0.12 is still vulnerable to directory traversal

A few hours after the release, a hacker discovered the flaw and recommends using the NoScript plugin. In the meantime, you can either use another browser or install the NoScript plugin to mitigate these issues.

"Don't patch vulnerabilities for fifty percent, take the time and fix the cause. Because directory traversal through plugins is all nice and such, we don't need it. We can trick Firefox itself in traversing directories back. I found another information leak that is very serious because we are able to read out all preferences set in Firefox, or just open or include about every file stored in the Mozilla program files directory, and this without any mandatory settings or plugins," said Ronald van den Heetkamp to Mozilla.

A proof of concept is available at this web site http://www.0x000000.com


8 Comments


I presume this affects Netscape 9.0.0.5 as well. Still no fixes in Netscape, and I guess there'll be none since it'll be discontinued in March. I presume SeaMonkey is affected as well.

The vulnerability talked about in the summary is (as I already pointed out in the comments for 2.0.0.12 in Software) near enough a non-vulnerability. The one on the front page of the linked website, on the other hand, is a little more newsworthy.

Just to clarify, with regards to the "directory traversal exploit":
1. This issue was not introduced in 2.0.0.12, it has been known about for some time and is a low priority issue because......
2. The only place this vulnerability can access is the Firefox folder in Program Files. Nothing of interest or security concern is stored here, only the default preferences file (not even your browser preferences). This vulnerability cannot access your profile directory in Documents and Settings, where your cookies, passwords etc are stored.

They should get around to fixing it, I just hate it when these things are blown out of all proportion.
The PoC currently on the front page of that site (the URI spoofing) is a little more interesting and dangerous, however, since that could in theory steal your user info (although, as is the case with all these things, it's very unlikely).

(Esvandiary said @ #2)
The vulnerability talked about in the summary is (as I already pointed out in the comments for 2.0.0.12 in Software) near enough a non-vulnerability. The one on the front page of the linked website, on the other hand, is a little more newsworthy.

Just to clarify, with regards to the "directory traversal exploit":
1. This issue was not introduced in 2.0.0.12, it has been known about for some time and is a low priority issue because......
2. The only place this vulnerability can access is the Firefox folder in Program Files. Nothing of interest or security concern is stored here, only the default preferences file (not even your browser preferences). This vulnerability cannot access your profile directory in Documents and Settings, where your cookies, passwords etc are stored.

They should get around to fixing it, I just hate it when these things are blown out of all proportion.
The PoC currently on the front page of that site (the URI spoofing) is a little more interesting and dangerous, however, since that could in theory steal your user info (although, as is the case with all these things, it's very unlikely).

It gets blown out of proportion because the open source "communist" (joke) propaganda machine kept pushing into people's heads how FF is the holy grail of security, stability and perfect coding when eventually it is not, it is however a fine example of how to support web standards and for customizability options....

Though I definitely prefer Opera (faster and more secure) and Maxthon (fast and reliable)

This issue was not introduced in 2.0.0.12, it has been known about for some time and is a low priority issue because......

The article didn't say it was. It said "still", that doesn't mean introduced.

(cork1958 said @ #1)
Yay, Firefox!! :x

Errr, what is meant to happen on the example? It doesn't affect my Firefox V1 ;s