Published in News

New Firefox, new vulnerability

by on11 February 2008

Image

Whoops!


Hours
after the release of Firefox 2.0.0.12 it has been discovered that there is a vulnerability by default.

The upgrade had a fix for numerous other vulnerabilities. But according to the HackerZine it has a major hole in it. Apparently, there is an information leak that is very serious because it can read all preferences set in Firefox, or just open or include about every file stored in the Mozilla program files directory, and this without any mandatory settings or plugins.

The hole uses the 'view-source:' scheme that allows hackers to source out the 'resource:' scheme. It does not take hackers long to come up with an attack vector, the article says. Until the Firefox team comes up with a patch, it is probably better to use the NoScript plugin.
Last modified on 11 February 2008
Rate this item
(0 votes)