Mozilla is working to fix a browser flaw that could give attackers unauthorized access to data on a victim's machine.
The problem is similar to other data leakage flaws found in the open-source browser, according to researcher Gerry Eisenhaur, who first reported the problem on Saturday.
Eisenhaur has posted sample code that reads the contents of a Mozilla Thunderbird preferences file, but he believes that attackers could get access to more information with variations on his attack. "It's possible to load any javascript file on a victim's machine," he wrote in his blog posting. "This looks very interesting and may have bigger potential, but for now, it's just another information disclosure [flaw]."
"It could become something more if there was an application that stored sensitive data inside javascript files," he said via instant message. "Some plugins have been known to store usernames and passwords."
>> Source: InfoWorld
The problem is similar to other data leakage flaws found in the open-source browser, according to researcher Gerry Eisenhaur, who first reported the problem on Saturday.
Eisenhaur has posted sample code that reads the contents of a Mozilla Thunderbird preferences file, but he believes that attackers could get access to more information with variations on his attack. "It's possible to load any javascript file on a victim's machine," he wrote in his blog posting. "This looks very interesting and may have bigger potential, but for now, it's just another information disclosure [flaw]."
"It could become something more if there was an application that stored sensitive data inside javascript files," he said via instant message. "Some plugins have been known to store usernames and passwords."
>> Source: InfoWorld
