- Steve Jobs is a man of a few words
- Internet routing blasts into space
- 15 free downloads to pep up your old PC
- IBM smartphone software translates 11 languages
- New attack fells Internet Explorer
A flaw in the pop-up blocker of the open source browser Firefox could allow an attacker to access local files, according to security analysts.
The flaw, however, does not affect Firefox 2.0, the latest version of the browser, but Version 1.5.0.9, according to Beyond Security, which credited the find to Michal Zalewski.
The attack could occur if a user manually allows a pop-window to appear. The browser normally blocks access to local files, but when a pop-up is manually allowed, "normal URL permission checks are bypassed," Beyond Security said.
To make the hack work, however, a malicious file containing the exploit code would have to already be on the system, the advisory said. The file could be planted on the system by enticing a user to click on a link that would download the file.
The malicious file could then enable access to other files, which could be transferred to a remote server. Mozilla, the distributor of Firefox, could not immediately comment on the report.
Comments (1)
RE: Pop-up blocker problem found in Firefox browserBy Bill Graham on July 8, 2007, 5:02 amI have now got a problem with my Firefox browser; and it happened right after I let in a pop-up from the Los Angeles Angels of Anaheim Official MLB site. And now...
Reply | Read entire comment
View all comments