Mozilla Corp. bumped up the threat ranking for an unpatched Firefox bug to "high" Tuesday, but promised a fix is coming in Version 220.127.116.11, now slated for release on Feb. 5. The company's head of security, Window Snyder, confirmed that the browser, when running any of more than 600 add-ons, can be exploited to steal "session information, including session cookies and session history."
Snyder's acknowledgment followed an update by Gerry Eisenhaur, the researcher who first reported the Firefox problem. "There seems to be some confusion about what exactly the severity of this vulnerability is," Eisenhaur said on his hiredhacker.com blog. "This is not a chrome privilege escalation, but it [is] worse than just leaking some variables. I created another demo to read the sessionstore.js file. This will display information regarding your current session, [including] windows, tabs, cookies, etc."
View: The full story @ PCWorld