05.07.08 - 01:28pm
The Vietnamese language pack for Firefox 2 contains inserted code to load remote content. This code is the result of a virus infection, but does not contain the virus itself. This usually results in the user seeing unwanted ads, but may be used for more malicious actions.
Everyone who downloaded the most recent Vietnamese language pack [...]
01.29.08 - 05:33pm
Background on this issue is available here.
Impact
An attacker can use this vulnerability to collect session information, including session cookies and session history. Firefox is not vulnerable by default. Only users that have installed “flat” packed add-ons are at risk. Discussion about “flat” packaged add-ons is here. A partial list of “flat” packed add-ons is available [...]
01.22.08 - 04:06pm
Issue
A vulnerability in the chrome protocol scheme allows directory traversal when a “flat” add-on is present resulting in potential information disclosure.
Impact
When a chrome package is “flat” rather than contained in a .jar the directory traversal allows escaping the extensions directory and reading files in a predictable location on the disk. Many add-ons are packaged in [...]
01.04.08 - 02:58pm
Issue
The realm value in a basic authentication dialog may be spoofed by a attacker to trick users into thinking the authentication request is coming from a different, trusted site.
Impact
When displaying the basic authentication dialog, Firefox displays the actual source of the request at the end of the dialog text. Some other browsers display the request [...]
11.16.07 - 04:52pm
Issue
jar: protocol is not restricted to java archives and will open any zip format file. An attacker can use this to evade filtering on sites that allow users to upload content and use this initiate a cross site scripting attack.
Impact
Firefox supports the Java Archive URI scheme that allows the addressing of the contents [...]
09.18.07 - 03:09pm
Firefox 2.0.0.7 was released this afternoon to patch the QuickTime issue described here. This will protect Firefox users from the public critical security vulnerability until a patch is available from Apple. I would like to personally thank the individuals at Apple who worked with us and the engineers at Mozilla that work so [...]
07.30.07 - 09:11pm
We’ve just released Firefox 2.0.0.6 which contains a security patch to mitigate the issue described here. The patch enables percent-encoding for spaces and double-quotes in URIs handed off to external programs. This reduces the risk of malicious data being passed through Firefox to another application that may then trigger unexpected and potentially dangerous [...]
07.25.07 - 02:15pm
Issue
We are currently investigating an issue on Windows XP, where some urls for “web” protocols that contain %00 launch the wrong handler and appear to be able to launch local programs, with limited argument passing.
Impact
The impact to users is unknown at this point in time. We are working to verify this and in the [...]
07.23.07 - 04:46pm
On July 10th, I posted about a security issue in URL protocol handling on Windows. In the previous example, Internet Explorer was the entry point and Firefox was the application receiving the bad data.
Over the weekend, we learned about a new scenario that identifies ways that Firefox could also be used as the entry [...]
07.18.07 - 11:49am
Firefox 2.0.0.5 is now available and there is a fix for the URL protocol handling issue described here. We warned that other Windows applications may be vulnerable to this Internet Explorer issue, and on Sunday Nate Mcfeters, Billy Rios, and Raghav Dube posted a proof of concept that demonstrates the same attack through Internet [...]