We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,258 News Articles

Flaw found in Firefox pop-up blocker

Could allow attacker to access files

A flaw in the pop-up blocker of the open-source browser Firefox could allow an attacker to access local files, according to security analysts.

The flaw, however, does not affect Firefox 2.0, the latest full version of the browser, but version 1.5.0.9, according to Beyond Security, which credited the find to Michal Zalewski.

The attack could occur if a user manually allows a pop-window to appear. The browser normally blocks access to local files, but when a pop-up is manually allowed, normal URL permission checks are bypassed, Beyond Security said.

To make the hack work, however, a malicious file containing the exploit code would have to already be on the system, the advisory said. The file could be planted on the system by enticing a user to click on a link that would download the file.

The malicious file could then enable access to other files, which could be transferred to a remote server. Mozilla, the distributor of Firefox, could not immediately comment on the report.


IDG UK Sites

Samsung Galaxy S5 mini vs HTC One mini 2 comparison review: Design and price beats additional...

IDG UK Sites

Why local multiplayer gaming is rapidly vanishing: we look at the demise of split-screen and LAN...

IDG UK Sites

Colour-depth not resolution is what will make 4K a success or failure

IDG UK Sites

iPhone 6 vs iPhone 6 Plus: Which new iPhone 6 model should I buy?