Mozilla has given a proof of concept Firefox vulnerability a "high severity" rating because an attacker can collect session information such as cookies and history, according to Mozilla security chief Window Snyder. Snyder said the vulnerability will be patched with Firefox 2.0.0.12, which will be pushed out "shortly." On Jan. 22, Snyder confirmed a proof of concept vulnerability discovered by researcher Gerry Eisenhaur on Jan. 19. Simply put, Firefox leaks information that can allow an attacker to load any javascript file on a machine. This "chrome protocol directory transveral" is in play whenever there are "flat" files–common in add ons–are installed. Chances are good that most Firefox users will have at least a few of these add ons installed. That's a lot of data leakage.
View: Full Story @ ZDNet
14 Comments - Add comment