Skip Links

Network World

  • Social Web 
  • Email 
  • Close

Pop-up blocker problem found in Firefox browser

By Jeremy Kirk , IDG News Service , 02/08/2007
Newsletter Signup
  • Share/Email
  • Tweet This
  • Comment
  • Print

A flaw in the pop-up blocker of the open source browser Firefox could allow an attacker to access local files, according to security analysts.

The flaw, however, does not affect Firefox 2.0, the latest version of the browser, but Version 1.5.0.9, according to Beyond Security, which credited the find to Michal Zalewski.

Defending Against the Insider Threat: Download this special report

The attack could occur if a user manually allows a pop-window to appear. The browser normally blocks access to local files, but when a pop-up is manually allowed, "normal URL permission checks are bypassed," Beyond Security said.

To make the hack work, however, a malicious file containing the exploit code would have to already be on the system, the advisory said. The file could be planted on the system by enticing a user to click on a link that would download the file.

Related Content

The malicious file could then enable access to other files, which could be transferred to a remote server. Mozilla, the distributor of Firefox, could not immediately comment on the report.

The IDG News Service is a Network World affiliate.

  • Share/Email
  • Tweet This
  • Comment
  • Print
Comments (1)
Login
Forgot your account info?

RE: Pop-up blocker problem found in Firefox browserBy Bill Graham on July 8, 2007, 5:02 amI have now got a problem with my Firefox browser; and it happened right after I let in a pop-up from the Los Angeles Angels of Anaheim Official MLB site. And now...

Reply | Read entire comment

View all comments

Add comment
Anonymous comments subject to approval. Register here for member benefits.
Have a NetworkWorld account? Log in here. Register now for a free account.

Most Read

View more Most Read

Videos

rssRss Feed

Latest News

rssRss Feed