Two Firefox flaws revealed
p2pnet.net News:- Two new flaws in Firefox browser could leave locally saved files vulnerable to outside attacks, says SecuriTeam, a division of Beyond Security.
Quoted by CNET News, the company says the first flaw lies in Firefox’s pop-up blocker feature.
“The browser typically does not allow Web sites to access files that are stored locally, according to the official report, but this URL permission check is superseded when a Firefox user has turned off pop-up windows manually,” it goes on. An attacker could use this to steal locally stored files and personal information that might be stored in them, says the story.
The second flaw, “concerns Firefox’s phishing protection feature,” says CNET, adding:
“With this vulnerability, an adept phisher could fool the browser into believing that a fraudulent site is actually secure by adding particular characters into the URL of its Web site. The phishing flaw does appear to apply to the current 2.0.0.1 version of Firefox.”
Also See:
CNET News – Two flaws found in Firefox, February 7, 2007
Want to subscribe to p2pnet by email with Feedburner? Just click here.
rss feed: http://p2pnet.net/p2p.rss | | Mobile – http://p2pnet.net/index-wml.php | | And use our own p2pnet newsfeeds for your site
If your Net access is blocked by government restrictions, try Psiphon from the Citizen Lab at the University of Toronto’s Munk Centre for International Studies. Go here for the official download, here for the p2pnet download, and here for details. And if you’re Chinese and you’re looking for a way to access independent Internet news sources, try Freegate, the DIT program written to help Chinese citizens circumvent web site blocking outside of China. Download it here.
