Firefox vulnerability severity raised, fix on its way

By Percy Cabello

After further investigation, the severity of the chrome protocol directory traversal vulnerability disclosed last week has been raised from low to high by Mozilla Security.

The flaw, that affects some 600+ add-ons that are distributed as expanded files and folders instead of packed in a .jar file, could allow a malicious site to get access to user files in known locations.

A fix has already been issued and will be pushed to users with the next Firefox update, 2.0.0.12, due for late next week. In the meantime, I suggest disabling at least your less frequently used extensions and switch back to the default theme until the update is available.

Posted on January 29, 2008 - 11:09 pm || More on Firefox, News, Security

Comments

La vulnerabilidad de Firefox del protocolo chromeâ€¦ afecta a mÃ¡s de 600 complementos :

January 30, 2008 11:09 pm

[...] Todo esto despuÃ©s de darse cuenta que puede afectar a mÃ¡s de 600 complementos de Firefox, que son distribuidos como archivos comprimidos y carpetas, en vez de ser empaquetados como un archivo .jar, permitirÃa a un sitio malicioso conseguir acceso a los archivos locales en nuestro ordenador. [...]

Firefox 2.0.0.12 fixes a handful of security bugs : Mozilla Links

February 8, 2008 11:09 pm

[...] three of them labeled as critical, one as high, three moderate and three low, including the chrome directory traversal vulnerability announced last [...]

Trackback URI Comments RSS

Leave Comment

« Firefox 3 Add-ons Manager is almighty too 600 million Mozilla add-ons downloaded to date »