Overview
Several vulnerabilities affect the latest versions of Mozilla Firefox, 1.5.0.9 and 2.0.0.1. They allow an attacker to read arbitrary user-accessible files on the system, and a flaw in Phishing Protection allows people who conduct phishing to fool Firefox into thinking that a site is secure when in fact it should have been marked as a phishing site.
Description
5 February 2007 : Popup Blocker Vulnerability Allows Reading Local Files : For security reasons, Firefox does not allow Internet-originating websites to access the file:// namespace. When the user chooses to manually allow a blocked popup, however, the normal URL permission checks are bypassed. The attacker may fool the browser into parsing a chosen HTML document stored on the local file system, and because the Firefox security manager treats all file:/// URLs as having the “same origin”, such a document could read other local files at its discretion with the use of XMLHttpRequest, and relay that information to a remote server. This vulnerability affects Firefox version 1.5.0.9.
7 February 2007 : Phishing Protection Bypass Vulnerability : Phishing Protection takes Firefox's security to a new level, helping to safeguard your financial information and protect you from identity theft. When you encounter a Web site that is a suspected forgery (known as a phishing site), Firefox will warn you and offer to take you to a search page so you can find the real Web site you were looking for. Please see more at Bugzilla #367538.
11 February 2007 : Focus Bug Stealing Vulnerability : The vulnerability allows the attacker to silently redirect the focus of selected key press events to an otherwise protected file upload form field. This is possible because of how onKeyDown / onKeyPress events are handled, allowing the focus to be moved between the two. If exploited, this enables the attacker to read arbitrary files on the victim’s system. This vulnerability is found in both Firefox version 1.5.0.9 and version 2.0.0.1. Opera is most likely not vulnerable; Microsoft Internet Explorer is not vulnerable as-is, but might be vulnerable to a variant of the attack.
14 February 2007 : “location.hostname” Cross-Domain Vulnerability : A vulnerability has been identified in Mozilla Firefox, which could be exploited by remote attackers to bypass security restrictions and gain knowledge of sensitive information. This issue is due to an origin validation error when handling the “location.hostname” property, which could be exploited by remote attackers to steal authentication cookies from arbitrary sites by tricking a user into visiting a specially crafted web page. This vulnerability affects Mozilla Firefox version 2.0.0.1. Please see Bugzilla #370445.
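The 5 February entry turns on two separate checks: whether web content may load a file:// URL at all, and which documents count as "same origin" once a local document is running. The following added example (not Firefox code; all function names and sample URLs are hypothetical) models both checks and compares the all-file-URLs-share-an-origin policy described above with a stricter per-file policy, which is assumed here purely for comparison.

```javascript
// Added illustration: function names are hypothetical, not Firefox internals.
// The sample URLs used below are constructed.

// Reduce a URL to the parts compared by an origin check.
function originOf(urlString) {
  const u = new URL(urlString);
  return { scheme: u.protocol, host: u.hostname, port: u.port, path: u.pathname };
}

// Load-time check: web content may not navigate to the file: namespace.
// The advisory says this is the check skipped for a manually allowed popup.
function mayLoad(sourceUrl, targetUrl) {
  const src = originOf(sourceUrl), dst = originOf(targetUrl);
  return !(dst.scheme === 'file:' && src.scheme !== 'file:');
}

function sameNetworkOrigin(x, y) {
  return x.scheme === y.scheme && x.host === y.host && x.port === y.port;
}

// Policy the advisory describes: all file: URLs share one origin.
function sameOriginLegacy(a, b) {
  const x = originOf(a), y = originOf(b);
  if (x.scheme === 'file:' && y.scheme === 'file:') return true;
  return sameNetworkOrigin(x, y);
}

// Stricter policy (assumption for comparison): a file: document matches only itself.
function sameOriginStrict(a, b) {
  const x = originOf(a), y = originOf(b);
  if (x.scheme === 'file:' || y.scheme === 'file:') {
    return x.scheme === y.scheme && x.path === y.path;
  }
  return sameNetworkOrigin(x, y);
}

// What a local document may read from another local file under each policy.
function compare(localDoc, otherFile) {
  return {
    legacy: sameOriginLegacy(localDoc, otherFile),
    strict: sameOriginStrict(localDoc, otherFile),
  };
}

const doc = 'file:///home/user/Downloads/page.html';   // constructed path
const other = 'file:///home/user/notes.txt';           // constructed path
console.log('web -> file load allowed:', mayLoad('http://example.com/', doc));
console.log('local doc reading other file:', compare(doc, other));
```

Under the legacy policy the load-time check is the only barrier, so any path that skips it exposes every user-readable file; under the per-file policy a local document that does get loaded still cannot read its neighbours.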
Solution
There is still no official patch supplied by Mozilla for this issue.
References
- http://www.securiteam.com/securitynews/5JP051FKKE.html
- http://www.securiteam.com/securitynews/5MP0320KKK.html
- http://www.kb.cert.org/vuls/id/885753
- https://bugzilla.mozilla.org/show_bug.cgi?id=367538
- https://bugzilla.mozilla.org/show_bug.cgi?id=370445