Quantcast
WebProNews Ad Rates Click Now!
750×100
Read WebProNews
With Friends!

Rough Week For Firefox Team

By · July 19, 2005 · Leave a Comment
Get the WebProNews Newsletter:

It probably hasn’t been a fun week over at the Firefox team: News.com: Coding misstep forces new Firefox release.

Links: Coding misstep forces new Firefox release

Mark Pilgrim, over on the MozDev mailing list reports on a Greasemonkey/Firefox security hole:

“This particular exploit is much, much worse than I thought. GM_xmlhttpRequest can successfully “GET” any world-readable file on your local computer.”

http://diveintogreasemonkey.org/experiments/localfile-leak.html returns the contents of c:boot.ini, which exists on most modern Windows systems.

But wait, it gets worse. An attacker doesn’t even need to know the exact filename, since “GET”ting a URL like “file:///c:/” will return a parseable directory listing. (And Mac users don’t get to gloat either; you’re just as vulnerable, starting with a different root URL.)

Be careful out there!

Reader Comments

Robert Scoble is the founder of the Scobleizer blog. He works as PodTech.net’s Vice President of Media Development.

Go to Scobleizer

RELATED ARTICLES:

Mozilla Has Decided Not To Block Cookies In Firefox Just Yet

Mozilla Has Decided Not To Block Cookies In Firefox Just Yet

Online advertisers have been nervous the past few weeks as Mozilla moved forward with its plans to block third-party cookies by default in its Firefox browser. Some advertiser groups have even claime...
Firefox OS Simulator 3.0 Moves From Preview To Stable Release

Firefox OS Simulator 3.0 Moves From Preview To Stable Release

In March, Firefox released a preview of the latest Firefox OS Simulator. Some developers may not have jumped on board for fear of it being an unstable preview build, but that fear is no longer valid ...
Firefox OS Dev Units Now Available For Purchase

Firefox OS Dev Units Now Available For Purchase

It was revealed last week that the Firefox OS dev units from Geeksphone would finally be shipping after missing their originally planned launch in February. Now the phones are available, but you're ...
Top Rated White Papers and Resources

What do you think? Respond.

Your email address will not be published. Required fields are marked *

*

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

WebProNews Videos | Advertise | About Us | Newsletter | Archive | News Feeds | Terms & Conditions | Contact Us

WebProNews is an iEntry Network ® publication - © 1998-2013 All Rights Reserved.