Pop-up blocker problem found in Firefox browser

The Firefox browser is vulnerable to a flaw related to its pop-up blocker technology that could give access to local files

A flaw in the pop-up blocker of the open-source browser Firefox could allow an attacker to access local files, according to security analysts.

The flaw, however, does not affect Firefox 2.0, the latest version of the browser, but version 1.5.0.9, according to Beyond Security, which credited the find to Michal Zalewski.

The attack could occur if a user manually allows a pop-window to appear. The browser normally blocks access to local files, but when a pop-up is manually allowed, "normal URL permission checks are bypassed," Beyond Security said.

To make the hack work, however, a malicious file containing the exploit code would have to already be on the system, the advisory said. The file could be planted on the system by enticing a user to click on a link that would download the file.

The malicious file could then enable access to other files, which could be transferred to a remote server. Mozilla Corp., the distributor of Firefox, could not immediately comment on the report.

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

More about Beyond SecurityMozilla

Show Comments