July 3, 2007

Firefox is not a safe browser?

A new vulnerability has been reported in the Firefox browser that allows malicious people to disclose sensitive information about the user.

As per the report from Secunia, a security firm, the new flaw is ‘caused due to a design error within the focus handling of form fields and can potentially be exploited by changing the focus from a "textarea" field to a "file upload" form field via the "OnKeyDown" event’.

‘Successful exploitation allows an arbitrary file on the user's system to be uploaded to a malicious web site, but requires that the user is tricked into typing the file name into a "textarea" input form’.

Although the weakness is confirmed in Firefox version 2.0.0.4, other versions may also be affected.

Secunia rated the flaw as "not critical". You are encouraged to avoid entering file names into form fields on untrusted web sites and also to disable JavaScript support.
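A review aid for the pattern the advisory describes, added here as an example and not taken from Secunia or Mozilla: a Node.js heuristic that flags markup in which key-event code moves focus to a file-upload field. The function names and the sample page are constructed, and regex matching instead of full HTML parsing is an assumption suited to quick triage.

```javascript
// Added example (not from the advisory): static heuristic for reviewing markup.
// Flags key-event code that calls focus() while naming a file-upload field.

// Value of one attribute in a tag string (quoted or unquoted), or null.
function attr(tag, name) {
  const re = new RegExp('\\s' + name + '\\s*=\\s*(?:"([^"]*)"|\'([^\']*)\'|([^\\s>]+))', 'i');
  const m = re.exec(tag);
  return m ? (m[1] || m[2] || m[3] || '') : null;
}

// id/name values of every <input type="file"> in the markup.
function fileFieldNames(html) {
  const names = [];
  for (const tag of html.match(/<input\b[^>]*>/gi) || []) {
    if ((attr(tag, 'type') || '').toLowerCase() !== 'file') continue;
    for (const n of [attr(tag, 'id'), attr(tag, 'name')]) if (n) names.push(n);
  }
  return names;
}

// Code that runs on key events: inline on-key attributes, plus
// <script> bodies that mention a key event (listener registration).
function keyEventCode(html) {
  const chunks = [];
  const inline = /\son(?:keydown|keypress|keyup)\s*=\s*(?:"([^"]*)"|'([^']*)')/gi;
  for (const m of html.matchAll(inline)) chunks.push(m[1] !== undefined ? m[1] : m[2]);
  for (const m of html.matchAll(/<script\b[^>]*>([\s\S]*?)<\/script>/gi)) {
    if (/key(?:down|press|up)/i.test(m[1])) chunks.push(m[1]);
  }
  return chunks;
}

// File fields that key-event code references while also calling focus().
function findFocusSwitches(html) {
  const hits = new Set();
  for (const code of keyEventCode(html)) {
    if (!/\.focus\s*\(/.test(code)) continue;
    for (const name of fileFieldNames(html)) {
      const esc = name.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
      if (new RegExp('(^|[^\\w$])' + esc + '([^\\w$]|$)').test(code)) hits.add(name);
    }
  }
  return [...hits];
}

// Constructed sample page.
const suspicious = '<form><textarea onkeydown="document.getElementById(\'upload\').focus()">' +
  '</textarea><input type="file" id="upload" name="doc"></form>';
console.log(findFocusSwitches(suspicious));
```

A hit is a prompt for manual review, not proof of abuse: handlers that delegate to functions defined in external scripts are not followed.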
