Firefox bug could lead to data leaks

Posted on Friday, Jan 25 2008 @ 04:00 CET by Thomas De Maesschalck
Mozilla says it's working on a fix for a flaw in Firefox that could give malicious users access to data on your PC.
The problem is similar to other data leakage flaws found in the open-source browser, according to researcher Gerry Eisenhaur, who first reported the problem on Saturday.

Eisenhaur has posted sample code that reads the contents of a Mozilla Thunderbird preferences file, but he believes that attackers could get access to more information with variations on his attack. "It's possible to load any JavaScript file on a victim's machine," he wrote in his blog posting. "This looks very interesting and may have bigger potential, but for now, it's just another information disclosure [flaw]."

"It could become something more if there was an application that stored sensitive data inside JavaScript files," he said via instant message. "Some plugins have been known to store usernames and passwords."

"Its also just a powerful way to do recon," he added.


About the Author

Thomas De Maesschalck

Thomas has been messing with computer since early childhood and firmly believes the Internet is the best thing since sliced bread. Enjoys playing with new tech, is fascinated by science, and passionate about financial markets. When not behind a computer, he can be found with running shoes on or lifting heavy weights in the weight room.



Loading Comments