Mozilla says that flaw could lead to data leak
Wednesday, January 23, 2008; 6:35 PM
Mozilla is working to fix a browser flaw that could give attackers unauthorized access to data on a victim's machine.
The problem is similar to other data leakageflawsfound in the open-source browser, according to researcher Gerry Eisenhaur, who firstreportedthe problem on Saturday.
"Its also just a powerful way to do recon," he added.
Hackers have discovered a number of flaws in recent months that take advantage of the way that browsers pass information between different components within the Windows operating system. Some of these URI (Uniform Resource Identifier) protocol handler flaws have led to serious security problems for both Firefox and Internet Explorer.
This latest flaw affects only certain Firefox add-ons, such as the Download Statusbar or Greasemonkey, which store scripts in a fashion that lets them be discovered on the hard drive, said Window Snyder, Mozilla's security chief in aWednesday blog posting.
Firefox isinvestigatingthe issue and has rated it as a low-severity problem, she said.