• Downloads
  • Threats
    • Adware
    • Browser Hijacking
    • Rogue Anti Spyware
    • Virus
  • Questions and Answers
  • Recover Encrypted Files
  • Free Malware Removal Tools

My AntiSpyware

Free antispyware software, Online Scanners, Instructions on how to remove spyware and malware.

Menu
  • Downloads
  • Threats
    • Adware
    • Browser Hijacking
    • Rogue Anti Spyware
    • Virus
  • Questions and Answers
  • Recover Encrypted Files
  • Free Malware Removal Tools
Home › Exploits & Vulnerabilities › Found vulnerability in the Firefox built-in popup blocker

Found vulnerability in the Firefox built-in popup blocker

Myantispyware team February 7, 2007     No Comment    

This vulnerability, coupled with an additional trick, allows the attacker to read arbitrary user-accessible files on the system, and thus steal some fairly sensitive information.

Vulnerable Systems: Firefox version 1.5.0.9

For security reasons, Firefox does not allow Internet-originating websites to access the file:// namespace. When the user chooses to manually allow a blocked popup however, normal URL permission checks are bypassed. The attacker may fool the browser to parse a chosen HTML document stored on the local filesystem, and because Firefox security manager treats all file:/// URLs as having “same origin”, such a document could read other local files at its discretion with the use of XMLHttpRequest, and relay that information to a remote server.

For protect your PC, upgrade Firefox to Firefox 2.0

Read more: Firefox Popup Blocker Allows Reading Arbitrary Local Files

Exploits & Vulnerabilities

Author: Myantispyware team

Myantispyware is an information security website created in 2004. Our content is written in collaboration with Cyber Security specialists, IT experts, under the direction of Patrik Holder and Valeri Tchmych, founders of Myantispyware.com.

Leave a Reply Cancel reply




New Guides

Ahoj Dovol abych se ti ze všeho nejdřív představil SCAM
Ahoj, Dovol, abych se ti ze všeho nejdřív představil EMAIL SCAM
Todayauto1.xyz
How to remove Todayauto1.xyz pop-ups (Virus removal guide)
Files encrypted with .igvm extension
How to remove Igvm ransomware, Decrypt .igvm files.
Yourfirmif.biz
How to remove Yourfirmif.biz pop-ups (Virus removal guide)
Ethereum Giveaway scam
Ethereum Giveaway SCAM (Virus removal guide)

Follow Us

Search

Useful Guides

This setting is enforced by your administrator (Removal guide)
Files encrypted by ransomware become useless
How To Recover Encrypted Files (Ransomware file recovery)
remove chrome extension
How to remove Chrome extensions installed by enterprise policy
Iphone Calendar virus spam
Iphone Calendar Virus/Spam (Removal guide)
Managed by your organization chrome virus
Chrome Managed by your organization malware removal guide

Recent Posts

Mirar Toolbar – Unwanted Tool ? YES
Found new rogue antispyware apps – SpyMarshal, AntiVermins (AntiVerminser)
Found new fake codecs – SilverCodec and BrainCodec
More fake codec sites
Found new security scam sites

MYANTISPYWARE.COM

  • About Us
  • Contact Us
  • Privacy Policy

NEED A HELP ?

If you're seeing unwanted pop-ups or ads in your web-browser, you might have an adware installed on your computer. Use the following guide to stop pop-up ads and remove malicious software. Or ask for help here.

Links

  • Downloads
  • Instructions
  • Questions and Answers
  • Free Malware Removal Tools
Copyright © 2004 - 2020 My AntiSpyware - Free antispyware programs and Spyware Removal Instructions.