Firefox vulnerability affects some extensions
A vulnerability in how Firefox handles chrome: addresses, which are used to load specific Firefox and extensions’ interface elements like windows, buttons and dialogs, could allow a malicious site to access local files in known locations.
The vulnerability affects extensions that are installed as a set of uncompressed files, as opposed to the more common .jar files. Download Statusbar and Greasemonkey are some of the most popular extensions affected.
Devon Jensen, developer of Download Statusbar has promptly released an update (0.9.5.3) that repackages the extension as a .jar file. If you are using this extension you can update by loading the Addons Manager (in the Tools menu, select Add-ons) and clicking on Find Updates.
There are many extensions that are deployed this way so it’s very hard to tell if you are affected or not. In the meantime you may want to disable temporarily your less frequently used extensions.
Mozilla Security has acknowledged the vulnerability (with an initial serverity of low) and is working on a solution as you read this.
Comments
The Week in Hidden Firefox Links | Firefox Facts
[...] Firefox vulnerability affects some extensions [...]
Firefox vulnerability severity raised, fix on its way : Mozilla Links
[...] further investigation, the severity of the chrome protocol directory traversal vulnerability disclosed last week has been raised from low to high by Mozilla [...]
Richard Baldonado
Hello,
The following link to a directory, does not work in FireFox and it works in Internet Explorer.
* [Integrated Install Logs(IE only)|file://66.77.67.219/scm_logs/Integrated]
Any help would be appreciated.
–Richard Baldonado
Vulnerabilidade do Firefox afecta algumas extensões | Open Mania
[...] já tem conhecimento deste bug e esta a trabalhar nele enquanto lê este post. Podem ler mais no MozillaLinks. Se gostou deste post então por favor subscreva ao RSS feed do Open Mania. Também pode [...]