Mozilla Security Hole

Tuesday April 30th, 2002

Anonymous reports: "Grey Magic is reporting a minor security hole in Mozilla builds from at least 0.9.2 up to the current trunk and 1.0 branch. A bug has been filed in Bugzilla, and will be opened to the public to view once the fix has been made. This also affects Netscape browsers from at least 6.1 on. There are no known uses of the vulnerability at this time." We'll let you know when a patch has been checked in for this.

On a side note, Grey Magic recommends that users "should move to a better performing, less buggy browser," on their vulnerability page. Looking at the open issues for it, IE clearly doesn't seem like the better choice.

UPDATE! A fix has been checked into the trunk, and has been approved for checkin to the 1.0 branch. Expect it to be in nightly builds for both branch and trunk starting tomorrow.

by dpol

Tuesday April 30th, 2002 6:47 PM

"Imagine someone reading one of your top-secret documents, your credit card details, the password to your ISP/bank account, etc."

While an exploit of this type is serious, I believe that we should keep in mind that you'd need to know the exact file name in order to retrieve the file contents. Profile data should be impossible to get at, as the directory name is "salted", as others have pointed out. Also, on UNIX, the user is hopefully not logged in as root, thus it should be impossible to retrieve the most sensitive information. I don't see how anyone could retrieve "top secret documents" without knowing the fully qualified path name, which on UNIX includes the name of the user currently logged in.